github/podinfo
1
0
Fork 0
mirror of https://github.com/stefanprodan/podinfo.git synced 2026-04-07 03:26:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:6.1.3
Branches Tags
github:master github:dependabot/github_actions/actions-cb5fd4910d github:gh-pages github:test-source-watcher github:feat/notation github:v6.x github:v5.x github:v3.x github:v1.x github:v0.x
github:6.11.2 github:6.11.1 github:6.11.0 github:6.10.2 github:6.10.1 github:6.10.0 github:6.9.4 github:6.9.3 github:6.9.2 github:6.9.1 github:6.9.0 github:6.8.0 github:6.7.1 github:6.7.0 github:6.6.3 github:6.6.2 github:6.6.1 github:6.6.0 github:6.5.4 github:6.5.3 github:6.5.2 github:6.5.1 github:6.5.0 github:6.4.1 github:6.4.0 github:6.3.6 github:6.3.5 github:6.3.4 github:6.3.3 github:6.3.2 github:6.3.1 github:6.3.0 github:6.2.3 github:6.2.2 github:6.2.1 github:6.2.0 github:6.1.8 github:6.1.7 github:6.1.6 github:6.1.5 github:6.1.4 github:6.1.3 github:6.1.2 github:6.1.1 github:6.1.0 github:6.0.4 github:6.0.3 github:6.0.2 github:6.0.1 github:6.0.0 github:5.2.1 github:5.2.0 github:5.1.4 github:5.1.3 github:5.1.2 github:5.1.1 github:5.1.0 github:5.0.3 github:5.0.2 github:5.0.1 github:5.0.0 github:4.0.6 github:4.0.5 github:4.0.4 github:4.0.3 github:4.0.2 github:4.0.1 github:4.0.0 github:3.3.1 github:3.3.0 github:3.2.4 github:3.2.3 github:3.2.2 github:3.2.1 github:3.2.0 github:3.1.5 github:3.1.4 github:3.1.3 github:3.1.2 github:3.1.1 github:3.1.0 github:3.0.0 github:2.1.3 github:2.1.2 github:2.1.1 github:2.1.0 github:2.0.2 github:2.0.1 github:2.0.0 github:v1.8.0 github:v1.7.0 github:v1.6.0 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.1 github:v1.3.0 github:v1.2.1 github:v1.2.0 github:v1.1.1 github:v1.1.0 github:v1.0.0 github:v0.5.0 github:v0.4.0 github:0.2.2
..
compare: github:6.3.2
Branches Tags
github:dependabot/github_actions/actions-cb5fd4910d github:gh-pages github:master github:test-source-watcher github:feat/notation github:v6.x github:v5.x github:v3.x github:v1.x github:v0.x
github:6.11.2 github:6.11.1 github:6.11.0 github:6.10.2 github:6.10.1 github:6.10.0 github:6.9.4 github:6.9.3 github:6.9.2 github:6.9.1 github:6.9.0 github:6.8.0 github:6.7.1 github:6.7.0 github:6.6.3 github:6.6.2 github:6.6.1 github:6.6.0 github:6.5.4 github:6.5.3 github:6.5.2 github:6.5.1 github:6.5.0 github:6.4.1 github:6.4.0 github:6.3.6 github:6.3.5 github:6.3.4 github:6.3.3 github:6.3.2 github:6.3.1 github:6.3.0 github:6.2.3 github:6.2.2 github:6.2.1 github:6.2.0 github:6.1.8 github:6.1.7 github:6.1.6 github:6.1.5 github:6.1.4 github:6.1.3 github:6.1.2 github:6.1.1 github:6.1.0 github:6.0.4 github:6.0.3 github:6.0.2 github:6.0.1 github:6.0.0 github:5.2.1 github:5.2.0 github:5.1.4 github:5.1.3 github:5.1.2 github:5.1.1 github:5.1.0 github:5.0.3 github:5.0.2 github:5.0.1 github:5.0.0 github:4.0.6 github:4.0.5 github:4.0.4 github:4.0.3 github:4.0.2 github:4.0.1 github:4.0.0 github:3.3.1 github:3.3.0 github:3.2.4 github:3.2.3 github:3.2.2 github:3.2.1 github:3.2.0 github:3.1.5 github:3.1.4 github:3.1.3 github:3.1.2 github:3.1.1 github:3.1.0 github:3.0.0 github:2.1.3 github:2.1.2 github:2.1.1 github:2.1.0 github:2.0.2 github:2.0.1 github:2.0.0 github:v1.8.0 github:v1.7.0 github:v1.6.0 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.1 github:v1.3.0 github:v1.2.1 github:v1.2.0 github:v1.1.1 github:v1.1.0 github:v1.0.0 github:v0.5.0 github:v0.4.0 github:0.2.2

85 Commits
6.1.3 ... 6.3.2

Author SHA1 Message Date
Stefan Prodan
e8c388a3fd Merge pull request #245 from stefanprodan/release-6.3.2 
Release v6.3.3
 2023-02-03 12:28:34 +02:00
Stefan Prodan
abc38e1bff Release v6.3.3 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2023-02-03 12:25:11 +02:00
Stefan Prodan
bf4a3140fe Merge pull request #244 from stefanprodan/slsa-sbom 
build: Enable SBOM and SLSA Provenance
 2023-02-03 12:23:00 +02:00
Stefan Prodan
de2dd687cb build: Enable SBOM and SLSA Provenance 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2023-02-03 12:19:26 +02:00
Stefan Prodan
f7a9563986 Merge pull request #243 from stefanprodan/release-6.3.1 
Release v6.3.1
 2023-02-03 11:52:05 +02:00
Stefan Prodan
a699fffe7b Release v6.3.1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2023-02-03 11:47:55 +02:00
Stefan Prodan
24e5de8934 Merge pull request #242 from stefanprodan/golang-jwt 
Update dependencies
 2023-02-03 11:46:53 +02:00
Stefan Prodan
298c1ae941 Update dependencies 
- Replace `dgrijalva/jwt-go` with `golang-jwt/jwt`
- Replace `ioutil` with `io` and `os`

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2023-02-03 11:42:17 +02:00
Stefan Prodan
fdd0a0b7da Merge pull request #240 from stefanprodan/kubeconform 
Validate manifests with kubeconform
 2022-12-23 13:28:18 +02:00
Stefan Prodan
8bab17843c Validate manifests with kubeconform 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-12-23 13:23:24 +02:00
Stefan Prodan
34c5ab57b6 Merge pull request #239 from stefanprodan/cue-hpa-v2 
Update HPA to v2 in CUE definitions
 2022-12-23 12:30:23 +02:00
Stefan Prodan
0f9c989b68 Update HPA to v2 in CUE definitions 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-12-23 12:18:50 +02:00
Stefan Prodan
e2e85a9604 Merge pull request #238 from stefanprodan/release-v6.3.0 
Release v6.3.0
 2022-12-21 12:58:20 +02:00
Stefan Prodan
b687d3c76f Update Alpine to v3.17 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-12-21 12:53:43 +02:00
Stefan Prodan
dbbb415194 Release v6.3.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-12-21 12:50:25 +02:00
Stefan Prodan
1a89d81ebb Merge pull request #237 from stefanprodan/hpa-v2 
Update HPA to autoscaling/v2
 2022-12-21 12:43:55 +02:00
Stefan Prodan
b39526ebe8 Set Kubernetes 1.23.0 as the minimum required version 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-12-21 12:33:47 +02:00
Stefan Prodan
607303dca9 Update HPA to autoscaling/v2 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-12-21 12:07:31 +02:00
Stefan Prodan
3053e634f9 Merge pull request #236 from stefanprodan/update-workflows 
Update GitHub workflows
 2022-12-21 12:00:59 +02:00
Stefan Prodan
4f1e56ae83 Update GitHub workflows 
- replace `engineerd/setup-kind` with `helm/kind-action`
- use  `azure/setup-helm` to install the Helm CLI

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-12-21 11:55:36 +02:00
Stefan Prodan
f0590a03e0 Merge pull request #235 from stefanprodan/update-x/net 
Update dependencies
 2022-12-21 11:23:32 +02:00
Stefan Prodan
aa815625d9 Update dependencies 
Fix for golang.org/x/net CVEs

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-12-21 11:18:30 +02:00
Stefan Prodan
8615cb75d9 Merge pull request #233 from stefanprodan/release-6.2.3 
Release v6.2.3
 2022-11-09 13:17:16 +02:00
Stefan Prodan
b23ebb15cb Release v6.2.3 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-11-09 13:12:30 +02:00
Stefan Prodan
dcb5b13023 Merge pull request #232 from stefanprodan/deps-update 
Update dependencies
 2022-11-09 13:10:23 +02:00
Stefan Prodan
71869089fa Update dependencies 
- github.com/prometheus/client_golang v1.14.0
- github.com/spf13/cobra v1.6.1
- github.com/spf13/viper v1.14.0
- go.opentelemetry.io/contrib/propagators/ot v1.11.1
- golang.org/x/net v0.2.0

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-11-09 12:59:22 +02:00
Stefan Prodan
1cf228c67b Merge pull request #228 from stefanprodan/release-6.2.2 
Release 6.2.2
 2022-10-20 12:25:15 +03:00
Stefan Prodan
b6e81a931b Release 6.2.2 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-10-20 12:12:44 +03:00
Stefan Prodan
744597a481 Merge pull request #227 from stefanprodan/deps-up 
Update dependencies
 2022-10-20 12:05:40 +03:00
Stefan Prodan
389c86ee93 Update dependencies 
Fix CVE-2022-32149 of `golang.org/x/text`

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-10-20 12:00:33 +03:00
Stefan Prodan
34db5fa463 Merge pull request #226 from cv65kr/feat/graceful-shutdown 
Enable graceful shutdown for gRPC server
 2022-10-20 11:48:43 +03:00
Kajetan
0d62402ae9 Graceful shutdown 2022-10-18 17:31:51 +02:00
Stefan Prodan
e40d32ba87 Merge pull request #224 from jkremser/helm-probes 
Add a way to customize liveness and readiness probes in helm chart
 2022-10-06 15:17:54 +02:00
Jirka Kremser
3879b59f43 Add a way to customize liveness and readiness probes in helm chart 
Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
 2022-10-03 17:36:14 +02:00
Stefan Prodan
44157ecd84 Merge pull request #222 from stefanprodan/release-6.2.1 
Release 6.2.1
 2022-09-29 12:54:45 +03:00
Stefan Prodan
bfa8d8032f Release 6.2.1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-09-29 12:49:43 +03:00
Stefan Prodan
b1251214f6 Merge pull request #221 from stefanprodan/update-golang.org/x/net 
Update dependencies
 2022-09-29 12:41:38 +03:00
Stefan Prodan
f1168c4946 Update dependencies 
Fix for golang.org/x/net CVE-2022-27664

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-09-29 12:36:35 +03:00
Stefan Prodan
013343a232 Merge pull request #220 from stefanprodan/go1.19 
Build with Go 1.19
 2022-09-29 12:31:39 +03:00
Stefan Prodan
d460863f3b Merge pull request #217 from Boojapho/imagepullsecret 
feat(helm): added imagepullsecrets
 2022-09-29 12:31:26 +03:00
Stefan Prodan
25a1e26159 Build with Go 1.19 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-09-29 12:24:20 +03:00
Stefan Prodan
b39afea117 Merge pull request #219 from stefanprodan/build-revision 
ci: Add revision to Docker build args
 2022-09-29 12:23:27 +03:00
Stefan Prodan
6d11ef9baf ci: Add revision to Docker build args 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-09-29 12:18:53 +03:00
Michael McLeroy
baf128d856 feat(helm): added imagepullsecrets 2022-09-13 15:55:16 -04:00
Stefan Prodan
79f8138328 Merge pull request #215 from stefanprodan/fix-flux-oci 
Fix Flux tagging action
 2022-08-15 15:48:06 +03:00
Stefan Prodan
ceed4e7870 Fix Flux tagging action 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-08-15 15:43:33 +03:00
Stefan Prodan
bfce2199e8 Merge pull request #214 from stefanprodan/release-6.2.0 
Release 6.2.0
 2022-08-15 15:36:39 +03:00
Stefan Prodan
d55bb8eabd Release 6.2.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-08-15 15:29:44 +03:00
Stefan Prodan
5fb056ebcb Merge pull request #213 from stefanprodan/update-actions 
Update GitHub Actions workflows
 2022-08-15 15:28:53 +03:00
Stefan Prodan
35b9c9f946 Update GitHub Actions workflows 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-08-15 15:22:02 +03:00
Stefan Prodan
74e0aeeff7 Merge pull request #212 from stefanprodan/update-deps 
Update dependencies
 2022-08-15 15:10:54 +03:00
Stefan Prodan
bbb081b0e1 Update dependencies 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-08-15 15:06:41 +03:00
Stefan Prodan
c16318bb85 Merge pull request #211 from stefanprodan/flux-oci 
Publish OCI artifacts on release with Flux
 2022-08-15 15:01:51 +03:00
Stefan Prodan
86d5fe86e4 Publish OCI artifacts on release with Flux 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-08-15 14:56:50 +03:00
Stefan Prodan
b3b00fe354 Merge pull request #209 from stefanprodan/release-6.1.8 
Release 6.1.8
 2022-07-28 13:13:30 +03:00
Stefan Prodan
a7bcfaf9b3 Release 6.1.8 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-07-28 13:06:55 +03:00
Stefan Prodan
1d4c534728 Merge pull request #208 from stefanprodan/update-go-yaml 
Update gopkg.in/yaml.v3 to v3.0.1
 2022-07-28 13:05:52 +03:00
Stefan Prodan
f2e0aa154d Update gopkg.in/yaml.v3 to v3.0.1 
Fix CVE-2022-28948

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-07-28 12:59:12 +03:00
Stefan Prodan
6d5b3d254a Merge pull request #207 from stefanprodan/release-6.1.7 
Release 6.1.7
 2022-07-27 19:19:21 +03:00
Stefan Prodan
9b9f11da95 Release 6.1.7 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-07-27 19:11:48 +03:00
Stefan Prodan
1a55e30bcf Merge pull request #206 from stefanprodan/update-swagger 
Update Swagger packages and definition
 2022-07-27 19:10:11 +03:00
Stefan Prodan
394c40e3ff Update Swagger packages and definition 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-07-27 18:59:22 +03:00
Stefan Prodan
b76b1a38c9 Merge pull request #204 from FlomoN/master 
Add path based params to OpenAPI spec
 2022-06-22 11:11:40 +03:00
FlomoN
2eb17d80c8 add some more params to other api routes with path based params 2022-06-20 18:37:13 +02:00
FlomoN
678a42ce34 recreate docs 2022-06-20 18:26:34 +02:00
FlomoN
2da59980fe switch to for installing swag 2022-06-20 18:05:53 +02:00
FlomoN
8697f091f3 Add params to godoc for cache 2022-06-20 14:20:34 +02:00
Stefan Prodan
4d2cf65260 Merge pull request #202 from TaylorMonacelli/patch-1 
Fix test error "Error: release: not found"
 2022-06-14 11:58:54 +03:00
Taylor Monacelli
116a378991 Fix test error "Error: release: not found" 2022-06-12 12:05:41 -07:00
Stefan Prodan
450796ddb2 Merge pull request #200 from stefanprodan/release-6.1.6 
Release v6.1.6
 2022-05-31 13:11:27 +03:00
Stefan Prodan
cb8c1fcec1 Release v6.1.6 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-05-31 13:04:28 +03:00
Stefan Prodan
37da8d1c74 Merge pull request #199 from stefanprodan/update-deps 
Update dependencies
 2022-05-31 13:01:10 +03:00
Stefan Prodan
e55ebd258d Update dependencies 
Fix CVE-2022-28948

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-05-31 12:42:25 +03:00
Stefan Prodan
6b869d1a18 Merge pull request #198 from stefanprodan/go-1.18 
Update Go to 1.18 and Alpine to 3.16
 2022-05-24 13:06:50 +03:00
Stefan Prodan
dea973d614 Release podinfo 6.1.5 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-05-24 12:09:58 +03:00
Stefan Prodan
f4199ab8bc Update Go to 1.18 and Alpine to 3.16 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-05-24 12:09:08 +03:00
Paul Carlton
19603ddfc1 Fix panic triggering via HTTP API (#197) 
Fix GET /panic

The GET /panic api call is not working due the the logger.Panic method
failing to call panic. This change replaces the logger.Panic method
call with logger.Info and adds a call to os.Exit(255).
 2022-05-24 12:03:54 +03:00
Stefan Prodan
bf09377bfd Merge pull request #194 from stefanprodan/release-v6.1.4 
Release v6.1.4
 2022-04-18 10:00:06 +03:00
Stefan Prodan
075712dd73 Release v6.1.4 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-04-18 09:56:02 +03:00
Stefan Prodan
07dd9a3c3e Merge pull request #193 from stefanprodan/deps-up 
Update dependencies
 2022-04-18 09:54:32 +03:00
Stefan Prodan
63ac69ea69 Update dependencies 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-04-18 09:49:42 +03:00
Stefan Prodan
3db382d2c9 Merge pull request #192 from stefanprodan/cue-refac 
Refactor CUE module
 2022-04-18 09:44:21 +03:00
Stefan Prodan
9f88a0e940 Refactor CUE module 
- set default labels and annotations
- fix the service monitor selector
- allow setting ingress annotations
- remove embedded cert
- add cert-manager example for ingress
- set CPU scaling as default in HPA
- rename app input to config
- rename app out to objects

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-04-17 15:43:09 +03:00
Stefan Prodan
c6a2c90497 Merge pull request #191 from stefanprodan/exclude-cue-vendor 
Exclude the CUE vendor packages from Git
 2022-04-14 19:31:59 +03:00
Stefan Prodan
54908f7d51 Exclude the CUE vendor packages from Git 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-04-14 19:03:58 +03:00
134 changed files with 1099 additions and 16337 deletions
Expand all files Collapse all files

33
.github/actions/helm/action.yml vendored
View File

@@ -1,33 +0,0 @@
name: Setup Helm CLI
description: A GitHub Action for running Helm commands
author: Stefan Prodan
branding:
color: blue
icon: command
inputs:
version:
description: "Helm version"
required: true
runs:
using: composite
steps:
- name: "Download helm binary to tmp"
shell: bash
run: |
VERSION=${{ inputs.version }}
BIN_URL="https://get.helm.sh/helm-v${VERSION}-linux-amd64.tar.gz"
curl -sL ${BIN_URL} -o /tmp/helm.tar.gz
mkdir -p /tmp/helm
tar -C /tmp/helm/ -zxvf /tmp/helm.tar.gz
- name: "Add helm binary to /usr/local/bin"
shell: bash
run: |
sudo cp /tmp/helm/linux-amd64/helm /usr/local/bin
- name: "Cleanup tmp"
shell: bash
run: |
rm -rf /tmp/helm/ /tmp/helm.tar.gz
- name: "Verify correct installation of binary"
shell: bash
run: |
helm version

38
.github/actions/kubeconform/action.yml vendored Normal file
View File

@@ -0,0 +1,38 @@
name: Setup kubeconform
description: A GitHub Action for running kubeconform commands
author: Stefan Prodan
branding:
color: blue
icon: command
inputs:
version:
description: "kubeconform version e.g. 0.5.0 (defaults to latest stable release)"
required: false
arch:
description: "arch can be amd64 or arm64"
required: true
default: "amd64"
runs:
using: composite
steps:
- name: "Download binary to the GH runner cache"
shell: bash
run: |
ARCH=${{ inputs.arch }}
VERSION=${{ inputs.version }}
if [ -z $VERSION ]; then
VERSION=$(curl https://api.github.com/repos/yannh/kubeconform/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
fi
BIN_URL="https://github.com/yannh/kubeconform/releases/download/v${VERSION}/kubeconform-linux-${ARCH}.tar.gz"
BIN_DIR=$RUNNER_TOOL_CACHE/kubeconform/$VERSION/$ARCH
if [[ ! -x "$BIN_DIR/kind" ]]; then
mkdir -p $BIN_DIR
cd $BIN_DIR
curl -sL $BIN_URL | tar xz
chmod +x kubeconform
fi
echo "$BIN_DIR" >> "$GITHUB_PATH"

51
.github/policy/kubernetes.rego vendored
View File

@@ -1,51 +0,0 @@
package kubernetes
name = input.metadata.name
kind = input.kind
is_service {
input.kind = "Service"
}
is_deployment {
input.kind = "Deployment"
}
is_pod {
input.kind = "Pod"
}
split_image(image) = [image, "latest"] {
not contains(image, ":")
}
split_image(image) = [image_name, tag] {
[image_name, tag] = split(image, ":")
}
pod_containers(pod) = all_containers {
keys = {"containers", "initContainers"}
all_containers = [c | keys[k]; c = pod.spec[k][_]]
}
containers[container] {
pods[pod]
all_containers = pod_containers(pod)
container = all_containers[_]
}
containers[container] {
all_containers = pod_containers(input)
container = all_containers[_]
}
pods[pod] {
is_deployment
pod = input.spec.template
}
pods[pod] {
is_pod
pod = input
}

43
.github/policy/rules.rego vendored
View File

@@ -1,43 +0,0 @@
package main
import data.kubernetes
name = input.metadata.name
# Deny containers with latest image tag
deny[msg] {
kubernetes.containers[container]
[image_name, "latest"] = kubernetes.split_image(container.image)
msg = sprintf("%s in the %s %s has an image %s, using the latest tag", [container.name, kubernetes.kind, kubernetes.name, image_name])
}
# Deny services without app label selector
service_labels {
input.spec.selector["app"]
}
deny[msg] {
kubernetes.is_service
not service_labels
msg = sprintf("Service %s should set app label selector", [name])
}
# Deny deployments without app label selector
match_labels {
input.spec.selector.matchLabels["app"]
}
deny[msg] {
kubernetes.is_deployment
not match_labels
msg = sprintf("Service %s should set app label selector", [name])
}
# Warn if deployments have no prometheus pod annotations
annotations {
input.spec.template.metadata.annotations["prometheus.io/scrape"]
input.spec.template.metadata.annotations["prometheus.io/port"]
}
warn[msg] {
kubernetes.is_deployment
not annotations
msg = sprintf("Deployment %s should set prometheus.io/scrape and prometheus.io/port pod annotations", [name])
}

5
.github/workflows/cve-scan.yml vendored
View File

@@ -5,12 +5,15 @@ on:
branches:
- 'master'
permissions:
contents: read
jobs:
trivy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Build image
id: build
run: |

14
.github/workflows/e2e.yml vendored
View File

@@ -6,26 +6,30 @@ on:
branches:
- 'master'
permissions:
contents: read
jobs:
kind-helm:
strategy:
matrix:
helm-version:
- 3.8.1
- v3.11.0
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Setup Kubernetes
uses: engineerd/setup-kind@v0.5.0
uses: helm/kind-action@v1.5.0
with:
version: v0.11.1
version: v0.17.0
cluster_name: kind
- name: Build container image
run: |
./test/build.sh
kind load docker-image test/podinfo:latest
- name: Setup Helm
uses: ./.github/actions/helm
uses: azure/setup-helm@v3
with:
version: ${{ matrix.helm-version }}
- name: Deploy

84
.github/workflows/release.yml vendored
View File

@@ -14,28 +14,32 @@ jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: imjasonh/setup-crane@v0.1
- uses: actions/checkout@v3
- uses: sigstore/cosign-installer@main
- name: Setup Helm
uses: ./.github/actions/helm
- uses: fluxcd/flux2/action@main
- name: Setup Go
uses: actions/setup-go@v3
with:
version: 3.8.1
go-version: 1.19.x
- name: Setup Helm
uses: azure/setup-helm@v3
with:
version: v3.10.3
- name: Setup QEMU
uses: docker/setup-qemu-action@v1
uses: docker/setup-qemu-action@v2
with:
platforms: all
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
@@ -46,43 +50,55 @@ jobs:
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF/refs\/tags\//}
fi
echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo ::set-output name=VERSION::${VERSION}
- name: Publish multi-arch image
uses: docker/build-push-action@v2
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
echo "REVISION=${GITHUB_SHA}" >> $GITHUB_OUTPUT
- name: Generate images meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
docker.io/stefanprodan/podinfo
ghcr.io/stefanprodan/podinfo
tags: |
type=raw,value=${{ steps.prep.outputs.VERSION }}
type=raw,value=latest
- name: Publish multi-arch image
uses: docker/build-push-action@v3
with:
sbom: true
provenance: true
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile.xx
build-args: |
REVISION=${{ steps.prep.outputs.REVISION }}
platforms: linux/amd64,linux/arm/v7,linux/arm64
tags: |
docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
docker.io/stefanprodan/podinfo:latest
ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Publish Helm chart to GHCR
run: |
helm package charts/podinfo
helm push podinfo-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/stefanprodan/charts
rm podinfo-${{ steps.prep.outputs.VERSION }}.tgz
- name: Sign images
- name: Publish Flux OCI artifact to GHCR
run: |
flux push artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} \
--path="./kustomize" \
--source="${{ github.event.repository.html_url }}" \
--revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
flux tag artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --tag latest
- name: Sign OCI artifacts
env:
COSIGN_EXPERIMENTAL: 1
run: |
cosign sign docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
cosign sign docker.io/stefanprodan/podinfo:latest
cosign sign ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
cosign sign ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }}
cosign sign ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }}
- name: Publish base image
uses: docker/build-push-action@v2
uses: docker/build-push-action@v3
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
@@ -96,11 +112,11 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Publish config artifact
run: |
cd kustomize
tar -cf config.tar * --numeric-owner --owner=0 --group=0
crane append -f config.tar -t ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
crane tag ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} latest
rm config.tar
flux push artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} \
--path="./kustomize" \
--source="${{ github.event.repository.html_url }}" \
--revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
flux tag artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --tag latest
- name: Sign config artifact
run: |
echo "$COSIGN_KEY" > /tmp/cosign.key
@@ -115,7 +131,7 @@ jobs:
echo 'CHANGELOG' > /tmp/release.txt
github-release-notes -org stefanprodan -repo podinfo -since-latest-release >> /tmp/release.txt
- name: Publish release
uses: goreleaser/goreleaser-action@v1
uses: goreleaser/goreleaser-action@v3
with:
version: latest
args: release --release-notes=/tmp/release.txt --skip-validate

56
.github/workflows/test.yml vendored
View File

@@ -6,26 +6,51 @@ on:
branches:
- 'master'
permissions:
contents: read
env:
KUBERNETES_VERSION: 1.26.0
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Restore Go cache
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-
- name: Setup Go
uses: actions/setup-go@v2
uses: actions/setup-go@v3
with:
go-version: 1.17.x
- name: Run unit tests
run: make test
go-version: 1.19.x
- name: Setup kubectl
uses: azure/setup-kubectl@v3
with:
version: v${{ env.KUBERNETES_VERSION }}
- name: Setup kubeconform
uses: ./.github/actions/kubeconform
- name: Setup Helm
uses: azure/setup-helm@v3
with:
version: v3.10.3
- name: Setup CUE
uses: cue-lang/setup-cue@main
- name: Run unit tests
run: make test
- name: Validate Helm chart
run: |
helm lint ./charts/podinfo/
helm template ./charts/podinfo/ | kubeconform -strict -summary -kubernetes-version ${{ env.KUBERNETES_VERSION }}
- name: Validate Kustomize overlay
run: |
kubectl kustomize ./kustomize/ | kubeconform -strict -summary -kubernetes-version ${{ env.KUBERNETES_VERSION }}
- name: Generate CUE definitions
run: make cue-mod
- name: Verify CUE formatting
working-directory: ./cue
run: |
@@ -39,25 +64,12 @@ jobs:
}
- name: Validate CUE
working-directory: ./cue
run: cue vet --all-errors --concrete .
run: |
cue vet --all-errors --concrete .
cue gen | kubeconform -strict -summary -skip=ServiceMonitor -kubernetes-version ${{ env.KUBERNETES_VERSION }}
- name: Check if working tree is dirty
run: |
if [[ $(git diff --stat) != '' ]]; then
echo 'run make test and commit changes'
exit 1
fi
- name: Validate Helm chart
uses: stefanprodan/kube-tools@v1
with:
kubectl: 1.19.11
helm: 2.17.0
helmv3: 3.6.0
command: |
helmv3 template ./charts/podinfo | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
- name: Validate kustomization
uses: stefanprodan/kube-tools@v1
with:
kubectl: 1.19.11
command: |
kustomize build ./kustomize | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
kustomize build ./kustomize | conftest test -p .github/policy -

3
.gitignore vendored
View File

@@ -19,4 +19,5 @@ release/
build/
gcloud/
dist/
bin/
bin/
cue/cue.mod/gen/

4
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM golang:1.17-alpine as builder
FROM golang:1.19-alpine as builder
ARG REVISION
@@ -18,7 +18,7 @@ RUN CGO_ENABLED=0 go build -ldflags "-s -w \
-X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
-a -o bin/podcli cmd/podcli/*
FROM alpine:3.15
FROM alpine:3.17
ARG BUILD_DATE
ARG VERSION

2
Dockerfile.base
View File

@@ -1,4 +1,4 @@
FROM golang:1.17
FROM golang:1.19
WORKDIR /workspace

4
Dockerfile.xx
View File

@@ -1,4 +1,4 @@
ARG GO_VERSION=1.17
ARG GO_VERSION=1.19
ARG XX_VERSION=1.1.0
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
@@ -28,7 +28,7 @@ RUN xx-go build -ldflags "-s -w \
-X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
-a -o bin/podcli cmd/podcli/*
FROM alpine:3.15
FROM alpine:3.17
ARG BUILD_DATE
ARG VERSION

17
Makefile
View File

@@ -24,7 +24,10 @@ build:
GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podcli ./cmd/podcli/*
tidy:
rm -f go.sum; go mod tidy -compat=1.17
rm -f go.sum; go mod tidy -compat=1.19
vet:
go vet ./...
fmt:
gofmt -l -s -w ./
@@ -87,10 +90,16 @@ release:
git push origin $(VERSION)
swagger:
go get github.com/swaggo/swag/cmd/swag
go install github.com/swaggo/swag/cmd/swag@latest
go get github.com/swaggo/swag/gen@latest
go get github.com/swaggo/swag/cmd/swag@latest
cd pkg/api && $$(go env GOPATH)/bin/swag init -g server.go
.PHONY: cue
cue:
.PHONY: cue-mod
cue-mod:
@cd cue && cue get go k8s.io/api/...
.PHONY: cue-gen
cue-gen:
@cd cue && cue fmt ./... && cue vet --all-errors --concrete ./...
@cd cue && cue gen

8
README.md
View File

@@ -20,11 +20,11 @@ Specifications:
* 12-factor app with viper
* Fault injection (random errors and latency)
* Swagger docs
* Helm and Kustomize installers
* CUE, Helm and Kustomize installers
* End-to-End testing with Kubernetes Kind and Helm
* Kustomize testing with GitHub Actions and Open Policy Agent
* Multi-arch container image with Docker buildx and Github Actions
* Container image signing with Sigstore cosign
* SBOMs and SLSA Provenance embedded in the container image
* CVE scanning with Trivy
Web API:
@@ -76,6 +76,8 @@ To access the Swagger UI open `<podinfo-host>/swagger/index.html` in a browser.
### Install
To install Podinfo on Kubernetes the minimum required version is **Kubernetes v1.23**.
#### Helm
Install from github.io:
@@ -89,7 +91,7 @@ helm upgrade --install --wait frontend \
--set backend=http://backend-podinfo:9898/echo \
podinfo/podinfo
helm test frontend
helm test frontend --namespace test
helm upgrade --install --wait backend \
--namespace test \

6
charts/podinfo/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v1
version: 6.1.3
appVersion: 6.1.3
version: 6.3.2
appVersion: 6.3.2
name: podinfo
engine: gotpl
description: Podinfo Helm chart for Kubernetes
@@ -10,4 +10,4 @@ maintainers:
name: stefanprodan
sources:
- https://github.com/stefanprodan/podinfo
kubeVersion: ">=1.19.0-0"
kubeVersion: ">=1.23.0-0"

137
charts/podinfo/README.md
View File

@@ -9,7 +9,23 @@ for end-to-end testing and workshops.
## Installing the Chart
To install the chart with the release name `my-release`:
The Podinfo charts are published to
[GitHub Container Registry](https://github.com/stefanprodan/podinfo/pkgs/container/charts%2Fpodinfo)
and signed with [Cosign](https://github.com/sigstore/cosign) & GitHub Actions OIDC.
To install the chart with the release name `my-release` from GHCR:
```console
$ helm upgrade -i my-release oci://ghcr.io/stefanprodan/charts/podinfo
```
To verify a chart with Cosign:
```console
$ cosign verify ghcr.io/stefanprodan/charts/podinfo:<VERSION>
```
Alternatively, you can install the chart from GitHub pages:
```console
$ helm repo add podinfo https://stefanprodan.github.io/podinfo
@@ -34,60 +50,61 @@ The command removes all the Kubernetes components associated with the chart and
The following tables lists the configurable parameters of the podinfo chart and their default values.
Parameter | Default | Description
--- | --- | ---
`replicaCount` | `1` | Desired number of pods
`logLevel` | `info` | Log level: `debug`, `info`, `warn`, `error`
`backend` | `None` | Echo backend URL
`backends` | `[]` | Array of echo backend URLs
`cache` | `None` | Redis address in the format `tcp://<host>:<port>`
`redis.enabled` | `false` | Create Redis deployment for caching purposes
`ui.color` | `#34577c` | UI color
`ui.message` | `None` | UI greetings message
`ui.logo` | `None` | UI logo
`faults.delay` | `false` | Random HTTP response delays between 0 and 5 seconds
`faults.error` | `false` | 1/3 chances of a random HTTP response error
`faults.unhealthy` | `false` | When set, the healthy state is never reached
`faults.unready` | `false` | When set, the ready state is never reached
`faults.testFail` | `false` | When set, a helm test is included which always fails
`faults.testTimeout` | `false` | When set, a helm test is included which always times out
`image.repository` | `stefanprodan/podinfo` | Image repository
`image.tag` | `<VERSION>` | Image tag
`image.pullPolicy` | `IfNotPresent` | Image pull policy
`service.enabled` | `true` | Create a Kubernetes Service, should be disabled when using [Flagger](https://flagger.app)
`service.type` | `ClusterIP` | Type of the Kubernetes Service
`service.metricsPort` | `9797` | Prometheus metrics endpoint port
`service.httpPort` | `9898` | Container HTTP port
`service.externalPort` | `9898` | ClusterIP HTTP port
`service.grpcPort` | `9999` | ClusterIP gPRC port
`service.grpcService` | `podinfo` | gPRC service name
`service.nodePort` | `31198` | NodePort for the HTTP endpoint
`h2c.enabled` | `false` | Allow upgrading to h2c (non-TLS version of HTTP/2)
`hpa.enabled` | `false` | Enables the Kubernetes HPA
`hpa.maxReplicas` | `10` | Maximum amount of pods
`hpa.cpu` | `None` | Target CPU usage per pod
`hpa.memory` | `None` | Target memory usage per pod
`hpa.requests` | `None` | Target HTTP requests per second per pod
`serviceAccount.enabled` | `false` | Whether a service account should be created
`serviceAccount.name` | `None` | The name of the service account to use, if not set and create is true, a name is generated using the fullname template
`securityContext` | `{}` | The security context to be set on the podinfo container
`linkerd.profile.enabled` | `false` | Create Linkerd service profile
`serviceMonitor.enabled` | `false` | Whether a Prometheus Operator service monitor should be created
`serviceMonitor.interval` | `15s` | Prometheus scraping interval
`serviceMonitor.additionalLabels` | `{}` | Add additional labels to the service monitor |
`ingress.enabled` | `false` | Enables Ingress
`ingress.className ` | `""` | Use ingressClassName
`ingress.annotations` | `{}` | Ingress annotations
`ingress.hosts` | `[]` | Ingress accepted hosts
`ingress.tls` | `[]` | Ingress TLS configuration
`resources.requests.cpu` | `1m` | Pod CPU request
`resources.requests.memory` | `16Mi` | Pod memory request
`resources.limits.cpu` | `None` | Pod CPU limit
`resources.limits.memory` | `None` | Pod memory limit
`nodeSelector` | `{}` | Node labels for pod assignment
`tolerations` | `[]` | List of node taints to tolerate
`affinity` | `None` | Node/pod affinities
`podAnnotations` | `{}` | Pod annotations
| Parameter | Default | Description |
|-----------------------------------|------------------------|------------------------------------------------------------------------------------------------------------------------|
| `replicaCount` | `1` | Desired number of pods |
| `logLevel` | `info` | Log level: `debug`, `info`, `warn`, `error` |
| `backend` | `None` | Echo backend URL |
| `backends` | `[]` | Array of echo backend URLs |
| `cache` | `None` | Redis address in the format `tcp://<host>:<port>` |
| `redis.enabled` | `false` | Create Redis deployment for caching purposes |
| `ui.color` | `#34577c` | UI color |
| `ui.message` | `None` | UI greetings message |
| `ui.logo` | `None` | UI logo |
| `faults.delay` | `false` | Random HTTP response delays between 0 and 5 seconds |
| `faults.error` | `false` | 1/3 chances of a random HTTP response error |
| `faults.unhealthy` | `false` | When set, the healthy state is never reached |
| `faults.unready` | `false` | When set, the ready state is never reached |
| `faults.testFail` | `false` | When set, a helm test is included which always fails |
| `faults.testTimeout` | `false` | When set, a helm test is included which always times out |
| `image.repository` | `stefanprodan/podinfo` | Image repository |
| `image.tag` | `<VERSION>` | Image tag |
| `image.pullPolicy` | `IfNotPresent` | Image pull policy |
| `service.enabled` | `true` | Create a Kubernetes Service, should be disabled when using [Flagger](https://flagger.app) |
| `service.type` | `ClusterIP` | Type of the Kubernetes Service |
| `service.metricsPort` | `9797` | Prometheus metrics endpoint port |
| `service.httpPort` | `9898` | Container HTTP port |
| `service.externalPort` | `9898` | ClusterIP HTTP port |
| `service.grpcPort` | `9999` | ClusterIP gPRC port |
| `service.grpcService` | `podinfo` | gPRC service name |
| `service.nodePort` | `31198` | NodePort for the HTTP endpoint |
| `h2c.enabled` | `false` | Allow upgrading to h2c (non-TLS version of HTTP/2) |
| `hpa.enabled` | `false` | Enables the Kubernetes HPA |
| `hpa.maxReplicas` | `10` | Maximum amount of pods |
| `hpa.cpu` | `None` | Target CPU usage per pod |
| `hpa.memory` | `None` | Target memory usage per pod |
| `hpa.requests` | `None` | Target HTTP requests per second per pod |
| `serviceAccount.enabled` | `false` | Whether a service account should be created |
| `serviceAccount.name` | `None` | The name of the service account to use, if not set and create is true, a name is generated using the fullname template |
| `serviceAccount.imagePullSecrets` | `[]` | List of image pull secrets if pulling from private registries. |
| `securityContext` | `{}` | The security context to be set on the podinfo container |
| `linkerd.profile.enabled` | `false` | Create Linkerd service profile |
| `serviceMonitor.enabled` | `false` | Whether a Prometheus Operator service monitor should be created |
| `serviceMonitor.interval` | `15s` | Prometheus scraping interval |
| `serviceMonitor.additionalLabels` | `{}` | Add additional labels to the service monitor |
| `ingress.enabled` | `false` | Enables Ingress |
| `ingress.className ` | `""` | Use ingressClassName |
| `ingress.annotations` | `{}` | Ingress annotations |
| `ingress.hosts` | `[]` | Ingress accepted hosts |
| `ingress.tls` | `[]` | Ingress TLS configuration |
| `resources.requests.cpu` | `1m` | Pod CPU request |
| `resources.requests.memory` | `16Mi` | Pod memory request |
| `resources.limits.cpu` | `None` | Pod CPU limit |
| `resources.limits.memory` | `None` | Pod memory limit |
| `nodeSelector` | `{}` | Node labels for pod assignment |
| `tolerations` | `[]` | List of node taints to tolerate |
| `affinity` | `None` | Node/pod affinities |
| `podAnnotations` | `{}` | Pod annotations |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@@ -111,13 +128,3 @@ $ helm install my-release podinfo/podinfo -f values.yaml
> **Tip**: You can use the default [values.yaml](values.yaml)
## Upgrading the chart
### To =< 5.0.0
Version 5.0.0 is a major update.
* The chart now follows the new Kubernetes label recommendations:
<https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/>
The simplest way to update is to do a force upgrade, which recreates the resources by doing a delete and an install.

18
charts/podinfo/templates/deployment.yaml
View File

@@ -136,8 +136,13 @@ spec:
- check
- http
- localhost:{{ .Values.service.httpPort | default 9898 }}/healthz
initialDelaySeconds: 1
timeoutSeconds: 5
{{- with .Values.probes.liveness }}
initialDelaySeconds: {{ .initialDelaySeconds | default 1 }}
timeoutSeconds: {{ .timeoutSeconds | default 5 }}
failureThreshold: {{ .failureThreshold | default 3 }}
successThreshold: {{ .successThreshold | default 1 }}
periodSeconds: {{ .periodSeconds | default 10 }}
{{- end }}
readinessProbe:
exec:
command:
@@ -145,8 +150,13 @@ spec:
- check
- http
- localhost:{{ .Values.service.httpPort | default 9898 }}/readyz
initialDelaySeconds: 1
timeoutSeconds: 5
{{- with .Values.probes.readiness }}
initialDelaySeconds: {{ .initialDelaySeconds | default 1 }}
timeoutSeconds: {{ .timeoutSeconds | default 5 }}
failureThreshold: {{ .failureThreshold | default 3 }}
successThreshold: {{ .successThreshold | default 1 }}
periodSeconds: {{ .periodSeconds | default 10 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /data

2
charts/podinfo/templates/hpa.yaml
View File

@@ -1,5 +1,5 @@
{{- if .Values.hpa.enabled -}}
apiVersion: autoscaling/v2beta2
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "podinfo.fullname" . }}

4
charts/podinfo/templates/serviceaccount.yaml
View File

@@ -5,4 +5,8 @@ metadata:
name: {{ template "podinfo.serviceAccountName" . }}
labels:
{{- include "podinfo.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- end -}}

6
charts/podinfo/values-prod.yaml
View File

@@ -8,7 +8,7 @@ backends: []
image:
repository: ghcr.io/stefanprodan/podinfo
tag: 6.1.3
tag: 6.3.2
pullPolicy: IfNotPresent
ui:
@@ -83,7 +83,7 @@ cache: ""
redis:
enabled: true
repository: redis
tag: 6.0.8
tag: 7.0.7
serviceAccount:
# Specifies whether a service account should be created
@@ -91,6 +91,8 @@ serviceAccount:
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
# List of image pull secrets if pulling from private registries
imagePullSecrets: []
# set container security context
securityContext: {}

21
charts/podinfo/values.yaml
View File

@@ -8,7 +8,7 @@ backends: []
image:
repository: ghcr.io/stefanprodan/podinfo
tag: 6.1.3
tag: 6.3.2
pullPolicy: IfNotPresent
ui:
@@ -87,7 +87,7 @@ cache: ""
redis:
enabled: false
repository: redis
tag: 6.0.8
tag: 7.0.7
serviceAccount:
# Specifies whether a service account should be created
@@ -95,6 +95,8 @@ serviceAccount:
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
# List of image pull secrets if pulling from private registries
imagePullSecrets: []
# set container security context
securityContext: {}
@@ -138,3 +140,18 @@ tolerations: []
affinity: {}
podAnnotations: {}
# https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
probes:
readiness:
initialDelaySeconds: 1
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
periodSeconds: 10
liveness:
initialDelaySeconds: 1
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
periodSeconds: 10

15
cmd/podinfo/main.go
View File

@@ -2,7 +2,6 @@ package main
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"strconv"
@@ -18,6 +17,7 @@ import (
"github.com/stefanprodan/podinfo/pkg/grpc"
"github.com/stefanprodan/podinfo/pkg/signals"
"github.com/stefanprodan/podinfo/pkg/version"
go_grpc "google.golang.org/grpc"
)
func main() {
@@ -33,7 +33,7 @@ func main() {
fs.StringSlice("backend-url", []string{}, "backend service URL")
fs.Duration("http-client-timeout", 2*time.Minute, "client timeout duration")
fs.Duration("http-server-timeout", 30*time.Second, "server read and write timeout duration")
fs.Duration("http-server-shutdown-timeout", 5*time.Second, "server graceful shutdown timeout duration")
fs.Duration("server-shutdown-timeout", 5*time.Second, "server graceful shutdown timeout duration")
fs.String("data-path", "/data", "data local path")
fs.String("config-path", "", "config dir path")
fs.String("cert-path", "/data/cert", "certificate path for HTTPS port")
@@ -135,9 +135,10 @@ func main() {
}
// start gRPC server
var grpcServer *go_grpc.Server
if grpcCfg.Port > 0 {
grpcSrv, _ := grpc.NewServer(&grpcCfg, logger)
go grpcSrv.ListenAndServe()
grpcServer = grpcSrv.ListenAndServe()
}
// load HTTP server config
@@ -155,8 +156,12 @@ func main() {
// start HTTP server
srv, _ := api.NewServer(&srvCfg, logger)
httpServer, httpsServer, healthy, ready := srv.ListenAndServe()
// graceful shutdown
stopCh := signals.SetupSignalHandler()
srv.ListenAndServe(stopCh)
sd, _ := signals.NewShutdown(srvCfg.ServerShutdownTimeout, logger)
sd.Graceful(stopCh, httpServer, httpsServer, grpcServer, healthy, ready)
}
func initZap(logLevel string) (*zap.Logger, error) {
@@ -238,7 +243,7 @@ func beginStressTest(cpus int, mem int, logger *zap.Logger) {
logger.Error("memory stress failed", zap.Error(err))
}
stressMemoryPayload, err = ioutil.ReadFile(path)
stressMemoryPayload, err = os.ReadFile(path)
f.Close()
os.Remove(path)
if err != nil {

51
cue/README.md
View File

@@ -1,12 +1,55 @@
# CUE Demo
# Podinfo CUE module
This directory contains a [cuelang module](https://cuelang.org/docs/) and tooling to generate podinfo resources.
This directory contains a [CUE](https://cuelang.org/docs/) module and tooling
for generating podinfo's Kubernetes resources.
It defines a `podinfo.#Application` definition which takes a `podinfo.#Config` as input. The `podinfo.#Config` definition is modelled on the `podinfo` Helm chart `values.yaml` file.
The module contains a `podinfo.#Application` definition which takes `podinfo.#Config` as input.
## Prerequisites
Install CUE with:
```shell
brew install cue
```
Generate the Kubernetes API definitions required by this module with:
```shell
cue get go k8s.io/api/...
```
## Configuration
Configure the application in `main.cue`.
Configure the application in `main.cue`:
```cue
app: podinfo.#Application & {
config: {
meta: {
name: "podinfo"
namespace: "default"
}
image: tag: "6.1.3"
resources: requests: {
cpu: "100m"
memory: "16Mi"
}
hpa: {
enabled: true
maxReplicas: 3
}
ingress: {
enabled: true
className: "nginx"
host: "podinfo.example.com"
tls: true
annotations: "cert-manager.io/cluster-issuer": "letsencrypt"
}
serviceMonitor: enabled: true
}
}
```
## Generate the manifests

7
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/acme/v1/const_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/acme/v1
package v1
#ACMEFinalizer: "finalizer.acme.cert-manager.io"

8
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/acme/v1/doc_go_gen.cue
View File

@@ -1,8 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/acme/v1
// Package v1 is the v1 version of the API.
// +k8s:deepcopy-gen=package,register
// +groupName=acme.cert-manager.io
package v1

128
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/acme/v1/types_challenge_go_gen.cue
View File

@@ -1,128 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/acme/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// Challenge is a type to represent a Challenge request with an ACME server
// +k8s:openapi-gen=true
// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state"
// +kubebuilder:printcolumn:name="Domain",type="string",JSONPath=".spec.dnsName"
// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason",description="",priority=1
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=challenges
#Challenge: {
metav1.#TypeMeta
metadata: metav1.#ObjectMeta @go(ObjectMeta)
spec: #ChallengeSpec @go(Spec)
// +optional
status: #ChallengeStatus @go(Status)
}
// ChallengeList is a list of Challenges
#ChallengeList: {
metav1.#TypeMeta
metadata: metav1.#ListMeta @go(ListMeta)
items: [...#Challenge] @go(Items,[]Challenge)
}
#ChallengeSpec: {
// The URL of the ACME Challenge resource for this challenge.
// This can be used to lookup details about the status of this challenge.
url: string @go(URL)
// The URL to the ACME Authorization resource that this
// challenge is a part of.
authorizationURL: string @go(AuthorizationURL)
// dnsName is the identifier that this challenge is for, e.g. example.com.
// If the requested DNSName is a 'wildcard', this field MUST be set to the
// non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
dnsName: string @go(DNSName)
// wildcard will be true if this challenge is for a wildcard identifier,
// for example '*.example.com'.
// +optional
wildcard: bool @go(Wildcard)
// The type of ACME challenge this resource represents.
// One of "HTTP-01" or "DNS-01".
type: #ACMEChallengeType @go(Type)
// The ACME challenge token for this challenge.
// This is the raw value returned from the ACME server.
token: string @go(Token)
// The ACME challenge key for this challenge
// For HTTP01 challenges, this is the value that must be responded with to
// complete the HTTP01 challenge in the format:
// `<private key JWK thumbprint>.<key from acme server for challenge>`.
// For DNS01 challenges, this is the base64 encoded SHA256 sum of the
// `<private key JWK thumbprint>.<key from acme server for challenge>`
// text that must be set as the TXT record content.
key: string @go(Key)
// Contains the domain solving configuration that should be used to
// solve this challenge resource.
solver: #ACMEChallengeSolver @go(Solver)
// References a properly configured ACME-type Issuer which should
// be used to create this Challenge.
// If the Issuer does not exist, processing will be retried.
// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
// Challenge will be marked as failed.
issuerRef: cmmeta.#ObjectReference @go(IssuerRef)
}
// The type of ACME challenge. Only HTTP-01 and DNS-01 are supported.
// +kubebuilder:validation:Enum=HTTP-01;DNS-01
#ACMEChallengeType: string // #enumACMEChallengeType
#enumACMEChallengeType:
#ACMEChallengeTypeHTTP01 |
#ACMEChallengeTypeDNS01
// ACMEChallengeTypeHTTP01 denotes a Challenge is of type http-01
// More info: https://letsencrypt.org/docs/challenge-types/#http-01-challenge
#ACMEChallengeTypeHTTP01: #ACMEChallengeType & "HTTP-01"
// ACMEChallengeTypeDNS01 denotes a Challenge is of type dns-01
// More info: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
#ACMEChallengeTypeDNS01: #ACMEChallengeType & "DNS-01"
#ChallengeStatus: {
// Used to denote whether this challenge should be processed or not.
// This field will only be set to true by the 'scheduling' component.
// It will only be set to false by the 'challenges' controller, after the
// challenge has reached a final state or timed out.
// If this field is set to false, the challenge controller will not take
// any more action.
// +optional
processing: bool @go(Processing)
// presented will be set to true if the challenge values for this challenge
// are currently 'presented'.
// This *does not* imply the self check is passing. Only that the values
// have been 'submitted' for the appropriate challenge mechanism (i.e. the
// DNS01 TXT record has been presented, or the HTTP01 configuration has been
// configured).
// +optional
presented: bool @go(Presented)
// Contains human readable information on why the Challenge is in the
// current state.
// +optional
reason?: string @go(Reason)
// Contains the current 'state' of the challenge.
// If not set, the state of the challenge is unknown.
// +optional
state?: #State @go(State)
}

41
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/acme/v1/types_go_gen.cue
View File

@@ -1,41 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/acme/v1
package v1
// ACMECertificateHTTP01IngressNameOverride is annotation to override ingress name.
// If this annotation is specified on a Certificate or Order resource when
// using the HTTP01 solver type, the ingress.name field of the HTTP01
// solver's configuration will be set to the value given here.
// This is especially useful for users of Ingress controllers that maintain
// a 1:1 mapping between endpoint IP and Ingress resource.
#ACMECertificateHTTP01IngressNameOverride: "acme.cert-manager.io/http01-override-ingress-name"
// ACMECertificateHTTP01IngressClassOverride is annotation to override ingress class.
// If this annotation is specified on a Certificate or Order resource when
// using the HTTP01 solver type, the ingress.class field of the HTTP01
// solver's configuration will be set to the value given here.
// This is especially useful for users deploying many different ingress
// classes into a single cluster that want to be able to re-use a single
// solver for each ingress class.
#ACMECertificateHTTP01IngressClassOverride: "acme.cert-manager.io/http01-override-ingress-class"
// IngressEditInPlaceAnnotationKey is used to toggle the use of ingressClass instead
// of ingress on the created Certificate resource
#IngressEditInPlaceAnnotationKey: "acme.cert-manager.io/http01-edit-in-place"
// DomainLabelKey is added to the labels of a Pod serving an ACME challenge.
// Its value will be the hash of the domain name that is being verified.
#DomainLabelKey: "acme.cert-manager.io/http-domain"
// TokenLabelKey is added to the labels of a Pod serving an ACME challenge.
// Its value will be the hash of the challenge token that is being served by the pod.
#TokenLabelKey: "acme.cert-manager.io/http-token"
// SolverIdentificationLabelKey is added to the labels of a Pod serving an ACME challenge.
// Its value will be the "true" if the Pod is an HTTP-01 solver.
#SolverIdentificationLabelKey: "acme.cert-manager.io/http01-solver"
#OrderKind: "Order"
#ChallengeKind: "Challenge"

591
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/acme/v1/types_issuer_go_gen.cue
View File

@@ -1,591 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/acme/v1
package v1
import (
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
corev1 "k8s.io/api/core/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
)
// ACMEIssuer contains the specification for an ACME issuer.
// This uses the RFC8555 specification to obtain certificates by completing
// 'challenges' to prove ownership of domain identifiers.
// Earlier draft versions of the ACME specification are not supported.
#ACMEIssuer: {
// Email is the email address to be associated with the ACME account.
// This field is optional, but it is strongly recommended to be set.
// It will be used to contact you in case of issues with your account or
// certificates, including expiry notification emails.
// This field may be updated after the account is initially registered.
// +optional
email?: string @go(Email)
// Server is the URL used to access the ACME server's 'directory' endpoint.
// For example, for Let's Encrypt's staging endpoint, you would use:
// "https://acme-staging-v02.api.letsencrypt.org/directory".
// Only ACME v2 endpoints (i.e. RFC 8555) are supported.
server: string @go(Server)
// PreferredChain is the chain to use if the ACME server outputs multiple.
// PreferredChain is no guarantee that this one gets delivered by the ACME
// endpoint.
// For example, for Let's Encrypt's DST crosssign you would use:
// "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA.
// This value picks the first certificate bundle in the ACME alternative
// chains that has a certificate with this value as its issuer's CN
// +optional
// +kubebuilder:validation:MaxLength=64
preferredChain: string @go(PreferredChain)
// Enables or disables validation of the ACME server TLS certificate.
// If true, requests to the ACME server will not have their TLS certificate
// validated (i.e. insecure connections will be allowed).
// Only enable this option in development environments.
// The cert-manager system installed roots will be used to verify connections
// to the ACME server if this is false.
// Defaults to false.
// +optional
skipTLSVerify?: bool @go(SkipTLSVerify)
// ExternalAccountBinding is a reference to a CA external account of the ACME
// server.
// If set, upon registration cert-manager will attempt to associate the given
// external account credentials with the registered ACME account.
// +optional
externalAccountBinding?: null | #ACMEExternalAccountBinding @go(ExternalAccountBinding,*ACMEExternalAccountBinding)
// PrivateKey is the name of a Kubernetes Secret resource that will be used to
// store the automatically generated ACME account private key.
// Optionally, a `key` may be specified to select a specific entry within
// the named Secret resource.
// If `key` is not specified, a default of `tls.key` will be used.
privateKeySecretRef: cmmeta.#SecretKeySelector @go(PrivateKey)
// Solvers is a list of challenge solvers that will be used to solve
// ACME challenges for the matching domains.
// Solver configurations must be provided in order to obtain certificates
// from an ACME server.
// For more information, see: https://cert-manager.io/docs/configuration/acme/
// +optional
solvers?: [...#ACMEChallengeSolver] @go(Solvers,[]ACMEChallengeSolver)
// Enables or disables generating a new ACME account key.
// If true, the Issuer resource will *not* request a new account but will expect
// the account key to be supplied via an existing secret.
// If false, the cert-manager system will generate a new ACME account key
// for the Issuer.
// Defaults to false.
// +optional
disableAccountKeyGeneration?: bool @go(DisableAccountKeyGeneration)
// Enables requesting a Not After date on certificates that matches the
// duration of the certificate. This is not supported by all ACME servers
// like Let's Encrypt. If set to true when the ACME server does not support
// it it will create an error on the Order.
// Defaults to false.
// +optional
enableDurationFeature?: bool @go(EnableDurationFeature)
}
// ACMEExternalAccountBinding is a reference to a CA external account of the ACME
// server.
#ACMEExternalAccountBinding: {
// keyID is the ID of the CA key that the External Account is bound to.
keyID: string @go(KeyID)
// keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes
// Secret which holds the symmetric MAC key of the External Account Binding.
// The `key` is the index string that is paired with the key data in the
// Secret and should not be confused with the key data itself, or indeed with
// the External Account Binding keyID above.
// The secret key stored in the Secret **must** be un-padded, base64 URL
// encoded data.
keySecretRef: cmmeta.#SecretKeySelector @go(Key)
// Deprecated: keyAlgorithm field exists for historical compatibility
// reasons and should not be used. The algorithm is now hardcoded to HS256
// in golang/x/crypto/acme.
// +optional
keyAlgorithm?: #HMACKeyAlgorithm @go(KeyAlgorithm)
}
// HMACKeyAlgorithm is the name of a key algorithm used for HMAC encryption
// +kubebuilder:validation:Enum=HS256;HS384;HS512
#HMACKeyAlgorithm: string // #enumHMACKeyAlgorithm
#enumHMACKeyAlgorithm:
#HS256 |
#HS384 |
#HS512
#HS256: #HMACKeyAlgorithm & "HS256"
#HS384: #HMACKeyAlgorithm & "HS384"
#HS512: #HMACKeyAlgorithm & "HS512"
// An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of.
// A selector may be provided to use different solving strategies for different DNS names.
// Only one of HTTP01 or DNS01 must be provided.
#ACMEChallengeSolver: {
// Selector selects a set of DNSNames on the Certificate resource that
// should be solved using this challenge solver.
// If not specified, the solver will be treated as the 'default' solver
// with the lowest priority, i.e. if any other solver has a more specific
// match, it will be used instead.
// +optional
selector?: null | #CertificateDNSNameSelector @go(Selector,*CertificateDNSNameSelector)
// Configures cert-manager to attempt to complete authorizations by
// performing the HTTP01 challenge flow.
// It is not possible to obtain certificates for wildcard domain names
// (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
// +optional
http01?: null | #ACMEChallengeSolverHTTP01 @go(HTTP01,*ACMEChallengeSolverHTTP01)
// Configures cert-manager to attempt to complete authorizations by
// performing the DNS01 challenge flow.
// +optional
dns01?: null | #ACMEChallengeSolverDNS01 @go(DNS01,*ACMEChallengeSolverDNS01)
}
// CertificateDNSNameSelector selects certificates using a label selector, and
// can optionally select individual DNS names within those certificates.
// If both MatchLabels and DNSNames are empty, this selector will match all
// certificates and DNS names within them.
#CertificateDNSNameSelector: {
// A label selector that is used to refine the set of certificate's that
// this challenge solver will apply to.
// +optional
matchLabels?: {[string]: string} @go(MatchLabels,map[string]string)
// List of DNSNames that this solver will be used to solve.
// If specified and a match is found, a dnsNames selector will take
// precedence over a dnsZones selector.
// If multiple solvers match with the same dnsNames value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
dnsNames?: [...string] @go(DNSNames,[]string)
// List of DNSZones that this solver will be used to solve.
// The most specific DNS zone match specified here will take precedence
// over other DNS zone matches, so a solver specifying sys.example.com
// will be selected over one specifying example.com for the domain
// www.sys.example.com.
// If multiple solvers match with the same dnsZones value, the solver
// with the most matching labels in matchLabels will be selected.
// If neither has more matches, the solver defined earlier in the list
// will be selected.
// +optional
dnsZones?: [...string] @go(DNSZones,[]string)
}
// ACMEChallengeSolverHTTP01 contains configuration detailing how to solve
// HTTP01 challenges within a Kubernetes cluster.
// Typically this is accomplished through creating 'routes' of some description
// that configure ingress controllers to direct traffic to 'solver pods', which
// are responsible for responding to the ACME server's HTTP requests.
// Only one of Ingress / Gateway can be specified.
#ACMEChallengeSolverHTTP01: {
// The ingress based HTTP01 challenge solver will solve challenges by
// creating or modifying Ingress resources in order to route requests for
// '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are
// provisioned by cert-manager for each Challenge to be completed.
// +optional
ingress?: null | #ACMEChallengeSolverHTTP01Ingress @go(Ingress,*ACMEChallengeSolverHTTP01Ingress)
// The Gateway API is a sig-network community API that models service networking
// in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will
// create HTTPRoutes with the specified labels in the same namespace as the challenge.
// This solver is experimental, and fields / behaviour may change in the future.
// +optional
gatewayHTTPRoute?: null | #ACMEChallengeSolverHTTP01GatewayHTTPRoute @go(GatewayHTTPRoute,*ACMEChallengeSolverHTTP01GatewayHTTPRoute)
}
#ACMEChallengeSolverHTTP01Ingress: {
// Optional service type for Kubernetes solver service. Supported values
// are NodePort or ClusterIP. If unset, defaults to NodePort.
// +optional
serviceType?: corev1.#ServiceType @go(ServiceType)
// The ingress class to use when creating Ingress resources to solve ACME
// challenges that use this challenge solver.
// Only one of 'class' or 'name' may be specified.
// +optional
class?: null | string @go(Class,*string)
// The name of the ingress resource that should have ACME challenge solving
// routes inserted into it in order to solve HTTP01 challenges.
// This is typically used in conjunction with ingress controllers like
// ingress-gce, which maintains a 1:1 mapping between external IPs and
// ingress resources.
// +optional
name?: string @go(Name)
// Optional pod template used to configure the ACME challenge solver pods
// used for HTTP01 challenges.
// +optional
podTemplate?: null | #ACMEChallengeSolverHTTP01IngressPodTemplate @go(PodTemplate,*ACMEChallengeSolverHTTP01IngressPodTemplate)
// Optional ingress template used to configure the ACME challenge solver
// ingress used for HTTP01 challenges.
// +optional
ingressTemplate?: null | #ACMEChallengeSolverHTTP01IngressTemplate @go(IngressTemplate,*ACMEChallengeSolverHTTP01IngressTemplate)
}
// The ACMEChallengeSolverHTTP01GatewayHTTPRoute solver will create HTTPRoute objects for a Gateway class
// routing to an ACME challenge solver pod.
#ACMEChallengeSolverHTTP01GatewayHTTPRoute: {
// Optional service type for Kubernetes solver service. Supported values
// are NodePort or ClusterIP. If unset, defaults to NodePort.
// +optional
serviceType?: corev1.#ServiceType @go(ServiceType)
// The labels that cert-manager will use when creating the temporary
// HTTPRoute needed for solving the HTTP-01 challenge. These labels
// must match the label selector of at least one Gateway.
labels?: {[string]: string} @go(Labels,map[string]string)
}
#ACMEChallengeSolverHTTP01IngressPodTemplate: {
// ObjectMeta overrides for the pod used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
metadata: #ACMEChallengeSolverHTTP01IngressPodObjectMeta @go(ACMEChallengeSolverHTTP01IngressPodObjectMeta)
// PodSpec defines overrides for the HTTP01 challenge solver pod.
// Only the 'priorityClassName', 'nodeSelector', 'affinity',
// 'serviceAccountName' and 'tolerations' fields are supported currently.
// All other fields will be ignored.
// +optional
spec: #ACMEChallengeSolverHTTP01IngressPodSpec @go(Spec)
}
#ACMEChallengeSolverHTTP01IngressPodObjectMeta: {
// Annotations that should be added to the create ACME HTTP01 solver pods.
// +optional
annotations?: {[string]: string} @go(Annotations,map[string]string)
// Labels that should be added to the created ACME HTTP01 solver pods.
// +optional
labels?: {[string]: string} @go(Labels,map[string]string)
}
#ACMEChallengeSolverHTTP01IngressPodSpec: {
// NodeSelector is a selector which must be true for the pod to fit on a node.
// Selector which must match a node's labels for the pod to be scheduled on that node.
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
// +optional
nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string)
// If specified, the pod's scheduling constraints
// +optional
affinity?: null | corev1.#Affinity @go(Affinity,*corev1.Affinity)
// If specified, the pod's tolerations.
// +optional
tolerations?: [...corev1.#Toleration] @go(Tolerations,[]corev1.Toleration)
// If specified, the pod's priorityClassName.
// +optional
priorityClassName?: string @go(PriorityClassName)
// If specified, the pod's service account
// +optional
serviceAccountName?: string @go(ServiceAccountName)
}
#ACMEChallengeSolverHTTP01IngressTemplate: {
// ObjectMeta overrides for the ingress used to solve HTTP01 challenges.
// Only the 'labels' and 'annotations' fields may be set.
// If labels or annotations overlap with in-built values, the values here
// will override the in-built values.
// +optional
metadata: #ACMEChallengeSolverHTTP01IngressObjectMeta @go(ACMEChallengeSolverHTTP01IngressObjectMeta)
}
#ACMEChallengeSolverHTTP01IngressObjectMeta: {
// Annotations that should be added to the created ACME HTTP01 solver ingress.
// +optional
annotations?: {[string]: string} @go(Annotations,map[string]string)
// Labels that should be added to the created ACME HTTP01 solver ingress.
// +optional
labels?: {[string]: string} @go(Labels,map[string]string)
}
// Used to configure a DNS01 challenge provider to be used when solving DNS01
// challenges.
// Only one DNS provider may be configured per solver.
#ACMEChallengeSolverDNS01: {
// CNAMEStrategy configures how the DNS01 provider should handle CNAME
// records when found in DNS zones.
// +optional
cnameStrategy?: #CNAMEStrategy @go(CNAMEStrategy)
// Use the Akamai DNS zone management API to manage DNS01 challenge records.
// +optional
akamai?: null | #ACMEIssuerDNS01ProviderAkamai @go(Akamai,*ACMEIssuerDNS01ProviderAkamai)
// Use the Google Cloud DNS API to manage DNS01 challenge records.
// +optional
cloudDNS?: null | #ACMEIssuerDNS01ProviderCloudDNS @go(CloudDNS,*ACMEIssuerDNS01ProviderCloudDNS)
// Use the Cloudflare API to manage DNS01 challenge records.
// +optional
cloudflare?: null | #ACMEIssuerDNS01ProviderCloudflare @go(Cloudflare,*ACMEIssuerDNS01ProviderCloudflare)
// Use the AWS Route53 API to manage DNS01 challenge records.
// +optional
route53?: null | #ACMEIssuerDNS01ProviderRoute53 @go(Route53,*ACMEIssuerDNS01ProviderRoute53)
// Use the Microsoft Azure DNS API to manage DNS01 challenge records.
// +optional
azureDNS?: null | #ACMEIssuerDNS01ProviderAzureDNS @go(AzureDNS,*ACMEIssuerDNS01ProviderAzureDNS)
// Use the DigitalOcean DNS API to manage DNS01 challenge records.
// +optional
digitalocean?: null | #ACMEIssuerDNS01ProviderDigitalOcean @go(DigitalOcean,*ACMEIssuerDNS01ProviderDigitalOcean)
// Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage
// DNS01 challenge records.
// +optional
acmeDNS?: null | #ACMEIssuerDNS01ProviderAcmeDNS @go(AcmeDNS,*ACMEIssuerDNS01ProviderAcmeDNS)
// Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/)
// to manage DNS01 challenge records.
// +optional
rfc2136?: null | #ACMEIssuerDNS01ProviderRFC2136 @go(RFC2136,*ACMEIssuerDNS01ProviderRFC2136)
// Configure an external webhook based DNS01 challenge solver to manage
// DNS01 challenge records.
// +optional
webhook?: null | #ACMEIssuerDNS01ProviderWebhook @go(Webhook,*ACMEIssuerDNS01ProviderWebhook)
}
// CNAMEStrategy configures how the DNS01 provider should handle CNAME records
// when found in DNS zones.
// By default, the None strategy will be applied (i.e. do not follow CNAMEs).
// +kubebuilder:validation:Enum=None;Follow
#CNAMEStrategy: string
// NoneStrategy indicates that no CNAME resolution strategy should be used
// when determining which DNS zone to update during DNS01 challenges.
#NoneStrategy: "None"
// FollowStrategy will cause cert-manager to recurse through CNAMEs in
// order to determine which DNS zone to update during DNS01 challenges.
// This is useful if you do not want to grant cert-manager access to your
// root DNS zone, and instead delegate the _acme-challenge.example.com
// subdomain to some other, less privileged domain.
#FollowStrategy: "Follow"
// ACMEIssuerDNS01ProviderAkamai is a structure containing the DNS
// configuration for Akamai DNS—Zone Record Management API
#ACMEIssuerDNS01ProviderAkamai: {
serviceConsumerDomain: string @go(ServiceConsumerDomain)
clientTokenSecretRef: cmmeta.#SecretKeySelector @go(ClientToken)
clientSecretSecretRef: cmmeta.#SecretKeySelector @go(ClientSecret)
accessTokenSecretRef: cmmeta.#SecretKeySelector @go(AccessToken)
}
// ACMEIssuerDNS01ProviderCloudDNS is a structure containing the DNS
// configuration for Google Cloud DNS
#ACMEIssuerDNS01ProviderCloudDNS: {
// +optional
serviceAccountSecretRef?: null | cmmeta.#SecretKeySelector @go(ServiceAccount,*cmmeta.SecretKeySelector)
project: string @go(Project)
// HostedZoneName is an optional field that tells cert-manager in which
// Cloud DNS zone the challenge record has to be created.
// If left empty cert-manager will automatically choose a zone.
// +optional
hostedZoneName?: string @go(HostedZoneName)
}
// ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS
// configuration for Cloudflare.
// One of `apiKeySecretRef` or `apiTokenSecretRef` must be provided.
#ACMEIssuerDNS01ProviderCloudflare: {
// Email of the account, only required when using API key based authentication.
// +optional
email?: string @go(Email)
// API key to use to authenticate with Cloudflare.
// Note: using an API token to authenticate is now the recommended method
// as it allows greater control of permissions.
// +optional
apiKeySecretRef?: null | cmmeta.#SecretKeySelector @go(APIKey,*cmmeta.SecretKeySelector)
// API token used to authenticate with Cloudflare.
// +optional
apiTokenSecretRef?: null | cmmeta.#SecretKeySelector @go(APIToken,*cmmeta.SecretKeySelector)
}
// ACMEIssuerDNS01ProviderDigitalOcean is a structure containing the DNS
// configuration for DigitalOcean Domains
#ACMEIssuerDNS01ProviderDigitalOcean: {
tokenSecretRef: cmmeta.#SecretKeySelector @go(Token)
}
// ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53
// configuration for AWS
#ACMEIssuerDNS01ProviderRoute53: {
// The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
accessKeyID?: string @go(AccessKeyID)
// The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata
// https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
// +optional
secretAccessKeySecretRef: cmmeta.#SecretKeySelector @go(SecretAccessKey)
// Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey
// or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata
// +optional
role?: string @go(Role)
// If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.
// +optional
hostedZoneID?: string @go(HostedZoneID)
// Always set the region when using AccessKeyID and SecretAccessKey
region: string @go(Region)
}
// ACMEIssuerDNS01ProviderAzureDNS is a structure containing the
// configuration for Azure DNS
#ACMEIssuerDNS01ProviderAzureDNS: {
// if both this and ClientSecret are left unset MSI will be used
// +optional
clientID?: string @go(ClientID)
// if both this and ClientID are left unset MSI will be used
// +optional
clientSecretSecretRef?: null | cmmeta.#SecretKeySelector @go(ClientSecret,*cmmeta.SecretKeySelector)
// ID of the Azure subscription
subscriptionID: string @go(SubscriptionID)
// when specifying ClientID and ClientSecret then this field is also needed
// +optional
tenantID?: string @go(TenantID)
// resource group the DNS zone is located in
resourceGroupName: string @go(ResourceGroupName)
// name of the DNS zone that should be used
// +optional
hostedZoneName?: string @go(HostedZoneName)
// name of the Azure environment (default AzurePublicCloud)
// +optional
environment?: #AzureDNSEnvironment @go(Environment)
// managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID
// +optional
managedIdentity?: null | #AzureManagedIdentity @go(ManagedIdentity,*AzureManagedIdentity)
}
#AzureManagedIdentity: {
// client ID of the managed identity, can not be used at the same time as resourceID
// +optional
clientID?: string @go(ClientID)
// resource ID of the managed identity, can not be used at the same time as clientID
// +optional
resourceID?: string @go(ResourceID)
}
// +kubebuilder:validation:Enum=AzurePublicCloud;AzureChinaCloud;AzureGermanCloud;AzureUSGovernmentCloud
#AzureDNSEnvironment: string // #enumAzureDNSEnvironment
#enumAzureDNSEnvironment:
#AzurePublicCloud |
#AzureChinaCloud |
#AzureGermanCloud |
#AzureUSGovernmentCloud
#AzurePublicCloud: #AzureDNSEnvironment & "AzurePublicCloud"
#AzureChinaCloud: #AzureDNSEnvironment & "AzureChinaCloud"
#AzureGermanCloud: #AzureDNSEnvironment & "AzureGermanCloud"
#AzureUSGovernmentCloud: #AzureDNSEnvironment & "AzureUSGovernmentCloud"
// ACMEIssuerDNS01ProviderAcmeDNS is a structure containing the
// configuration for ACME-DNS servers
#ACMEIssuerDNS01ProviderAcmeDNS: {
host: string @go(Host)
accountSecretRef: cmmeta.#SecretKeySelector @go(AccountSecret)
}
// ACMEIssuerDNS01ProviderRFC2136 is a structure containing the
// configuration for RFC2136 DNS
#ACMEIssuerDNS01ProviderRFC2136: {
// The IP address or hostname of an authoritative DNS server supporting
// RFC2136 in the form host:port. If the host is an IPv6 address it must be
// enclosed in square brackets (e.g [2001:db8::1]) ; port is optional.
// This field is required.
nameserver: string @go(Nameserver)
// The name of the secret containing the TSIG value.
// If ``tsigKeyName`` is defined, this field is required.
// +optional
tsigSecretSecretRef?: cmmeta.#SecretKeySelector @go(TSIGSecret)
// The TSIG Key name configured in the DNS.
// If ``tsigSecretSecretRef`` is defined, this field is required.
// +optional
tsigKeyName?: string @go(TSIGKeyName)
// The TSIG Algorithm configured in the DNS supporting RFC2136. Used only
// when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined.
// Supported values are (case-insensitive): ``HMACMD5`` (default),
// ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.
// +optional
tsigAlgorithm?: string @go(TSIGAlgorithm)
}
// ACMEIssuerDNS01ProviderWebhook specifies configuration for a webhook DNS01
// provider, including where to POST ChallengePayload resources.
#ACMEIssuerDNS01ProviderWebhook: {
// The API group name that should be used when POSTing ChallengePayload
// resources to the webhook apiserver.
// This should be the same as the GroupName specified in the webhook
// provider implementation.
groupName: string @go(GroupName)
// The name of the solver to use, as defined in the webhook provider
// implementation.
// This will typically be the name of the provider, e.g. 'cloudflare'.
solverName: string @go(SolverName)
// Additional configuration that should be passed to the webhook apiserver
// when challenges are processed.
// This can contain arbitrary JSON data.
// Secret values should not be specified in this stanza.
// If secret values are needed (e.g. credentials for a DNS service), you
// should use a SecretKeySelector to reference a Secret resource.
// For details on the schema of this field, consult the webhook provider
// implementation's documentation.
// +optional
config?: null | apiextensionsv1.#JSON @go(Config,*apiextensionsv1.JSON)
}
#ACMEIssuerStatus: {
// URI is the unique account identifier, which can also be used to retrieve
// account details from the CA
// +optional
uri?: string @go(URI)
// LastRegisteredEmail is the email associated with the latest registered
// ACME account, in order to track changes made to registered account
// associated with the Issuer
// +optional
lastRegisteredEmail?: string @go(LastRegisteredEmail)
}

228
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/acme/v1/types_order_go_gen.cue
View File

@@ -1,228 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/acme/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// Order is a type to represent an Order with an ACME server
// +k8s:openapi-gen=true
#Order: {
metav1.#TypeMeta
metadata: metav1.#ObjectMeta @go(ObjectMeta)
spec: #OrderSpec @go(Spec)
// +optional
status: #OrderStatus @go(Status)
}
// OrderList is a list of Orders
#OrderList: {
metav1.#TypeMeta
metadata: metav1.#ListMeta @go(ListMeta)
items: [...#Order] @go(Items,[]Order)
}
#OrderSpec: {
// Certificate signing request bytes in DER encoding.
// This will be used when finalizing the order.
// This field must be set on the order.
request: bytes @go(Request,[]byte)
// IssuerRef references a properly configured ACME-type Issuer which should
// be used to create this Order.
// If the Issuer does not exist, processing will be retried.
// If the Issuer is not an 'ACME' Issuer, an error will be returned and the
// Order will be marked as failed.
issuerRef: cmmeta.#ObjectReference @go(IssuerRef)
// CommonName is the common name as specified on the DER encoded CSR.
// If specified, this value must also be present in `dnsNames` or `ipAddresses`.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
commonName?: string @go(CommonName)
// DNSNames is a list of DNS names that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
//+optional
dnsNames?: [...string] @go(DNSNames,[]string)
// IPAddresses is a list of IP addresses that should be included as part of the Order
// validation process.
// This field must match the corresponding field on the DER encoded CSR.
// +optional
ipAddresses?: [...string] @go(IPAddresses,[]string)
// Duration is the duration for the not after date for the requested certificate.
// this is set on order creation as pe the ACME spec.
// +optional
duration?: null | metav1.#Duration @go(Duration,*metav1.Duration)
}
#OrderStatus: {
// URL of the Order.
// This will initially be empty when the resource is first created.
// The Order controller will populate this field when the Order is first processed.
// This field will be immutable after it is initially set.
// +optional
url?: string @go(URL)
// FinalizeURL of the Order.
// This is used to obtain certificates for this order once it has been completed.
// +optional
finalizeURL?: string @go(FinalizeURL)
// Authorizations contains data returned from the ACME server on what
// authorizations must be completed in order to validate the DNS names
// specified on the Order.
// +optional
authorizations?: [...#ACMEAuthorization] @go(Authorizations,[]ACMEAuthorization)
// Certificate is a copy of the PEM encoded certificate for this Order.
// This field will be populated after the order has been successfully
// finalized with the ACME server, and the order has transitioned to the
// 'valid' state.
// +optional
certificate?: bytes @go(Certificate,[]byte)
// State contains the current state of this Order resource.
// States 'success' and 'expired' are 'final'
// +optional
state?: #State @go(State)
// Reason optionally provides more information about a why the order is in
// the current state.
// +optional
reason?: string @go(Reason)
// FailureTime stores the time that this order failed.
// This is used to influence garbage collection and back-off.
// +optional
failureTime?: null | metav1.#Time @go(FailureTime,*metav1.Time)
}
// ACMEAuthorization contains data returned from the ACME server on an
// authorization that must be completed in order validate a DNS name on an ACME
// Order resource.
#ACMEAuthorization: {
// URL is the URL of the Authorization that must be completed
url: string @go(URL)
// Identifier is the DNS name to be validated as part of this authorization
// +optional
identifier?: string @go(Identifier)
// Wildcard will be true if this authorization is for a wildcard DNS name.
// If this is true, the identifier will be the *non-wildcard* version of
// the DNS name.
// For example, if '*.example.com' is the DNS name being validated, this
// field will be 'true' and the 'identifier' field will be 'example.com'.
// +optional
wildcard?: null | bool @go(Wildcard,*bool)
// InitialState is the initial state of the ACME authorization when first
// fetched from the ACME server.
// If an Authorization is already 'valid', the Order controller will not
// create a Challenge resource for the authorization. This will occur when
// working with an ACME server that enables 'authz reuse' (such as Let's
// Encrypt's production endpoint).
// If not set and 'identifier' is set, the state is assumed to be pending
// and a Challenge will be created.
// +optional
initialState?: #State @go(InitialState)
// Challenges specifies the challenge types offered by the ACME server.
// One of these challenge types will be selected when validating the DNS
// name and an appropriate Challenge resource will be created to perform
// the ACME challenge process.
// +optional
challenges?: [...#ACMEChallenge] @go(Challenges,[]ACMEChallenge)
}
// Challenge specifies a challenge offered by the ACME server for an Order.
// An appropriate Challenge resource can be created to perform the ACME
// challenge process.
#ACMEChallenge: {
// URL is the URL of this challenge. It can be used to retrieve additional
// metadata about the Challenge from the ACME server.
url: string @go(URL)
// Token is the token that must be presented for this challenge.
// This is used to compute the 'key' that must also be presented.
token: string @go(Token)
// Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
// 'tls-sni-01', etc.
// This is the raw value retrieved from the ACME server.
// Only 'http-01' and 'dns-01' are supported by cert-manager, other values
// will be ignored.
type: string @go(Type)
}
// State represents the state of an ACME resource, such as an Order.
// The possible options here map to the corresponding values in the
// ACME specification.
// Full details of these values can be found here: https://tools.ietf.org/html/draft-ietf-acme-acme-15#section-7.1.6
// Clients utilising this type must also gracefully handle unknown
// values, as the contents of this enumeration may be added to over time.
// +kubebuilder:validation:Enum=valid;ready;pending;processing;invalid;expired;errored
#State: string // #enumState
#enumState:
#Unknown |
#Valid |
#Ready |
#Pending |
#Processing |
#Invalid |
#Expired |
#Errored
// Unknown is not a real state as part of the ACME spec.
// It is used to represent an unrecognised value.
#Unknown: #State & ""
// Valid signifies that an ACME resource is in a valid state.
// If an order is 'valid', it has been finalized with the ACME server and
// the certificate can be retrieved from the ACME server using the
// certificate URL stored in the Order's status subresource.
// This is a final state.
#Valid: #State & "valid"
// Ready signifies that an ACME resource is in a ready state.
// If an order is 'ready', all of its challenges have been completed
// successfully and the order is ready to be finalized.
// Once finalized, it will transition to the Valid state.
// This is a transient state.
#Ready: #State & "ready"
// Pending signifies that an ACME resource is still pending and is not yet ready.
// If an Order is marked 'Pending', the validations for that Order are still in progress.
// This is a transient state.
#Pending: #State & "pending"
// Processing signifies that an ACME resource is being processed by the server.
// If an Order is marked 'Processing', the validations for that Order are currently being processed.
// This is a transient state.
#Processing: #State & "processing"
// Invalid signifies that an ACME resource is invalid for some reason.
// If an Order is marked 'invalid', one of its validations be have invalid for some reason.
// This is a final state.
#Invalid: #State & "invalid"
// Expired signifies that an ACME resource has expired.
// If an Order is marked 'Expired', one of its validations may have expired or the Order itself.
// This is a final state.
#Expired: #State & "expired"
// Errored signifies that the ACME resource has errored for some reason.
// This is a catch-all state, and is used for marking internal cert-manager
// errors such as validation failures.
// This is a final state.
#Errored: #State & "errored"

27
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1/const_go_gen.cue
View File

@@ -1,27 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/certmanager/v1
package v1
import "time"
// minimum permitted certificate duration by cert-manager
#MinimumCertificateDuration: time.#Duration & 3600000000000
// default certificate duration if Issuer.spec.duration is not set
#DefaultCertificateDuration: time.#Duration & 7776000000000000
// minimum certificate duration before certificate expiration
#MinimumRenewBefore: time.#Duration & 300000000000
// Deprecated: the default is now 2/3 of Certificate's duration
#DefaultRenewBefore: time.#Duration & 2592000000000000
// Default index key for the Secret reference for Token authentication
#DefaultVaultTokenAuthSecretKey: "token"
// Default mount path location for Kubernetes ServiceAccount authentication
// (/v1/auth/kubernetes). The endpoint will then be called at `/login`, so
// left as the default, `/v1/auth/kubernetes/login` will be called.
#DefaultVaultKubernetesAuthMountPath: "/v1/auth/kubernetes"

9
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1/doc_go_gen.cue
View File

@@ -1,9 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/certmanager/v1
// Package v1 is the v1 version of the API.
// +k8s:deepcopy-gen=package,register
// +groupName=cert-manager.io
// +groupGoName=Certmanager
package v1

7
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1/generic_issuer_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/certmanager/v1
package v1
#GenericIssuer: _

496
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1/types_certificate_go_gen.cue
View File

@@ -1,496 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/certmanager/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// A Certificate resource should be created to ensure an up to date and signed
// x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.
//
// The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).
// +k8s:openapi-gen=true
#Certificate: {
metav1.#TypeMeta
metadata?: metav1.#ObjectMeta @go(ObjectMeta)
// Desired state of the Certificate resource.
spec: #CertificateSpec @go(Spec)
// Status of the Certificate. This is set and managed automatically.
// +optional
status: #CertificateStatus @go(Status)
}
// CertificateList is a list of Certificates
#CertificateList: {
metav1.#TypeMeta
metadata: metav1.#ListMeta @go(ListMeta)
items: [...#Certificate] @go(Items,[]Certificate)
}
// +kubebuilder:validation:Enum=RSA;ECDSA;Ed25519
#PrivateKeyAlgorithm: string // #enumPrivateKeyAlgorithm
#enumPrivateKeyAlgorithm:
#RSAKeyAlgorithm |
#ECDSAKeyAlgorithm |
#Ed25519KeyAlgorithm
// Denotes the RSA private key type.
#RSAKeyAlgorithm: #PrivateKeyAlgorithm & "RSA"
// Denotes the ECDSA private key type.
#ECDSAKeyAlgorithm: #PrivateKeyAlgorithm & "ECDSA"
// Denotes the Ed25519 private key type.
#Ed25519KeyAlgorithm: #PrivateKeyAlgorithm & "Ed25519"
// +kubebuilder:validation:Enum=PKCS1;PKCS8
#PrivateKeyEncoding: string // #enumPrivateKeyEncoding
#enumPrivateKeyEncoding:
#PKCS1 |
#PKCS8
// PKCS1 key encoding will produce PEM files that include the type of
// private key as part of the PEM header, e.g. `BEGIN RSA PRIVATE KEY`.
// If the keyAlgorithm is set to 'ECDSA', this will produce private keys
// that use the `BEGIN EC PRIVATE KEY` header.
#PKCS1: #PrivateKeyEncoding & "PKCS1"
// PKCS8 key encoding will produce PEM files with the `BEGIN PRIVATE KEY`
// header. It encodes the keyAlgorithm of the private key as part of the
// DER encoded PEM block.
#PKCS8: #PrivateKeyEncoding & "PKCS8"
// CertificateSpec defines the desired state of Certificate.
// A valid Certificate requires at least one of a CommonName, DNSName, or
// URISAN to be valid.
#CertificateSpec: {
// Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).
// +optional
subject?: null | #X509Subject @go(Subject,*X509Subject)
// CommonName is a common name to be used on the Certificate.
// The CommonName should have a length of 64 characters or fewer to avoid
// generating invalid CSRs.
// This value is ignored by TLS clients when any subject alt name is set.
// This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4
// +optional
commonName?: string @go(CommonName)
// The requested 'duration' (i.e. lifetime) of the Certificate. This option
// may be ignored/overridden by some issuer types. If unset this defaults to
// 90 days. Certificate will be renewed either 2/3 through its duration or
// `renewBefore` period before its expiry, whichever is later. Minimum
// accepted duration is 1 hour. Value must be in units accepted by Go
// time.ParseDuration https://golang.org/pkg/time/#ParseDuration
// +optional
duration?: null | metav1.#Duration @go(Duration,*metav1.Duration)
// How long before the currently issued certificate's expiry
// cert-manager should renew the certificate. The default is 2/3 of the
// issued certificate's duration. Minimum accepted value is 5 minutes.
// Value must be in units accepted by Go time.ParseDuration
// https://golang.org/pkg/time/#ParseDuration
// +optional
renewBefore?: null | metav1.#Duration @go(RenewBefore,*metav1.Duration)
// DNSNames is a list of DNS subjectAltNames to be set on the Certificate.
// +optional
dnsNames?: [...string] @go(DNSNames,[]string)
// IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.
// +optional
ipAddresses?: [...string] @go(IPAddresses,[]string)
// URIs is a list of URI subjectAltNames to be set on the Certificate.
// +optional
uris?: [...string] @go(URIs,[]string)
// EmailAddresses is a list of email subjectAltNames to be set on the Certificate.
// +optional
emailAddresses?: [...string] @go(EmailAddresses,[]string)
// SecretName is the name of the secret resource that will be automatically
// created and managed by this Certificate resource.
// It will be populated with a private key and certificate, signed by the
// denoted issuer.
secretName: string @go(SecretName)
// SecretTemplate defines annotations and labels to be copied to the
// Certificate's Secret. Labels and annotations on the Secret will be changed
// as they appear on the SecretTemplate when added or removed. SecretTemplate
// annotations are added in conjunction with, and cannot overwrite, the base
// set of annotations cert-manager sets on the Certificate's Secret.
// +optional
secretTemplate?: null | #CertificateSecretTemplate @go(SecretTemplate,*CertificateSecretTemplate)
// Keystores configures additional keystore output formats stored in the
// `secretName` Secret resource.
// +optional
keystores?: null | #CertificateKeystores @go(Keystores,*CertificateKeystores)
// IssuerRef is a reference to the issuer for this certificate.
// If the `kind` field is not set, or set to `Issuer`, an Issuer resource
// with the given name in the same namespace as the Certificate will be used.
// If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the
// provided name will be used.
// The `name` field in this stanza is required at all times.
issuerRef: cmmeta.#ObjectReference @go(IssuerRef)
// IsCA will mark this Certificate as valid for certificate signing.
// This will automatically add the `cert sign` usage to the list of `usages`.
// +optional
isCA?: bool @go(IsCA)
// Usages is the set of x509 usages that are requested for the certificate.
// Defaults to `digital signature` and `key encipherment` if not specified.
// +optional
usages?: [...#KeyUsage] @go(Usages,[]KeyUsage)
// Options to control private keys used for the Certificate.
// +optional
privateKey?: null | #CertificatePrivateKey @go(PrivateKey,*CertificatePrivateKey)
// EncodeUsagesInRequest controls whether key usages should be present
// in the CertificateRequest
// +optional
encodeUsagesInRequest?: null | bool @go(EncodeUsagesInRequest,*bool)
// revisionHistoryLimit is the maximum number of CertificateRequest revisions
// that are maintained in the Certificate's history. Each revision represents
// a single `CertificateRequest` created by this Certificate, either when it
// was created, renewed, or Spec was changed. Revisions will be removed by
// oldest first if the number of revisions exceeds this number. If set,
// revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`),
// revisions will not be garbage collected. Default value is `nil`.
// +kubebuilder:validation:ExclusiveMaximum=false
// +optional
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32)
// AdditionalOutputFormats defines extra output formats of the private key
// and signed certificate chain to be written to this Certificate's target
// Secret. This is an Alpha Feature and is only enabled with the
// `--feature-gates=AdditionalCertificateOutputFormats=true` option on both
// the controller and webhook components.
// +optional
additionalOutputFormats?: [...#CertificateAdditionalOutputFormat] @go(AdditionalOutputFormats,[]CertificateAdditionalOutputFormat)
}
// CertificatePrivateKey contains configuration options for private keys
// used by the Certificate controller.
// This allows control of how private keys are rotated.
#CertificatePrivateKey: {
// RotationPolicy controls how private keys should be regenerated when a
// re-issuance is being processed.
// If set to Never, a private key will only be generated if one does not
// already exist in the target `spec.secretName`. If one does exists but it
// does not have the correct algorithm or size, a warning will be raised
// to await user intervention.
// If set to Always, a private key matching the specified requirements
// will be generated whenever a re-issuance occurs.
// Default is 'Never' for backward compatibility.
// +optional
rotationPolicy?: #PrivateKeyRotationPolicy @go(RotationPolicy)
// The private key cryptography standards (PKCS) encoding for this
// certificate's private key to be encoded in.
// If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1
// and PKCS#8, respectively.
// Defaults to `PKCS1` if not specified.
// +optional
encoding?: #PrivateKeyEncoding @go(Encoding)
// Algorithm is the private key algorithm of the corresponding private key
// for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA`
// If `algorithm` is specified and `size` is not provided,
// key size of 256 will be used for `ECDSA` key algorithm and
// key size of 2048 will be used for `RSA` key algorithm.
// key size is ignored when using the `Ed25519` key algorithm.
// +optional
algorithm?: #PrivateKeyAlgorithm @go(Algorithm)
// Size is the key bit size of the corresponding private key for this certificate.
// If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,
// and will default to `2048` if not specified.
// If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,
// and will default to `256` if not specified.
// If `algorithm` is set to `Ed25519`, Size is ignored.
// No other values are allowed.
// +optional
size?: int @go(Size)
}
// Denotes how private keys should be generated or sourced when a Certificate
// is being issued.
#PrivateKeyRotationPolicy: string
// CertificateOutputFormatType specifies which additional output formats should
// be written to the Certificate's target Secret.
// Allowed values are `DER` or `CombinedPEM`.
// When Type is set to `DER` an additional entry `key.der` will be written to
// the Secret, containing the binary format of the private key.
// When Type is set to `CombinedPEM` an additional entry `tls-combined.pem`
// will be written to the Secret, containing the PEM formatted private key and
// signed certificate chain (tls.key + tls.crt concatenated).
// +kubebuilder:validation:Enum=DER;CombinedPEM
#CertificateOutputFormatType: string // #enumCertificateOutputFormatType
#enumCertificateOutputFormatType:
#CertificateOutputFormatDER |
#CertificateOutputFormatCombinedPEM
// CertificateOutputFormatDERKey is the name of the data entry in the Secret
// resource used to store the DER formatted private key.
#CertificateOutputFormatDERKey: "key.der"
// CertificateOutputFormatDER writes the Certificate's private key in DER
// binary format to the `key.der` target Secret Data key.
#CertificateOutputFormatDER: #CertificateOutputFormatType & "DER"
// CertificateOutputFormatCombinedPEMKey is the name of the data entry in the Secret
// resource used to store the combined PEM (key + signed certificate).
#CertificateOutputFormatCombinedPEMKey: "tls-combined.pem"
// CertificateOutputFormatCombinedPEM writes the Certificate's signed
// certificate chain and private key, in PEM format, to the
// `tls-combined.pem` target Secret Data key. The value at this key will
// include the private key PEM document, followed by at least one new line
// character, followed by the chain of signed certificate PEM documents
// (`<private key> + \n + <signed certificate chain>`).
#CertificateOutputFormatCombinedPEM: #CertificateOutputFormatType & "CombinedPEM"
// CertificateAdditionalOutputFormat defines an additional output format of a
// Certificate resource. These contain supplementary data formats of the signed
// certificate chain and paired private key.
#CertificateAdditionalOutputFormat: {
// Type is the name of the format type that should be written to the
// Certificate's target Secret.
type: #CertificateOutputFormatType @go(Type)
}
// X509Subject Full X509 name specification
#X509Subject: {
// Organizations to be used on the Certificate.
// +optional
organizations?: [...string] @go(Organizations,[]string)
// Countries to be used on the Certificate.
// +optional
countries?: [...string] @go(Countries,[]string)
// Organizational Units to be used on the Certificate.
// +optional
organizationalUnits?: [...string] @go(OrganizationalUnits,[]string)
// Cities to be used on the Certificate.
// +optional
localities?: [...string] @go(Localities,[]string)
// State/Provinces to be used on the Certificate.
// +optional
provinces?: [...string] @go(Provinces,[]string)
// Street addresses to be used on the Certificate.
// +optional
streetAddresses?: [...string] @go(StreetAddresses,[]string)
// Postal codes to be used on the Certificate.
// +optional
postalCodes?: [...string] @go(PostalCodes,[]string)
// Serial number to be used on the Certificate.
// +optional
serialNumber?: string @go(SerialNumber)
}
// CertificateKeystores configures additional keystore output formats to be
// created in the Certificate's output Secret.
#CertificateKeystores: {
// JKS configures options for storing a JKS keystore in the
// `spec.secretName` Secret resource.
// +optional
jks?: null | #JKSKeystore @go(JKS,*JKSKeystore)
// PKCS12 configures options for storing a PKCS12 keystore in the
// `spec.secretName` Secret resource.
// +optional
pkcs12?: null | #PKCS12Keystore @go(PKCS12,*PKCS12Keystore)
}
// JKS configures options for storing a JKS keystore in the `spec.secretName`
// Secret resource.
#JKSKeystore: {
// Create enables JKS keystore creation for the Certificate.
// If true, a file named `keystore.jks` will be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef`.
// The keystore file will only be updated upon re-issuance.
// A file named `truststore.jks` will also be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef` containing the issuing Certificate Authority
create: bool @go(Create)
// PasswordSecretRef is a reference to a key in a Secret resource
// containing the password used to encrypt the JKS keystore.
passwordSecretRef: cmmeta.#SecretKeySelector @go(PasswordSecretRef)
}
// PKCS12 configures options for storing a PKCS12 keystore in the
// `spec.secretName` Secret resource.
#PKCS12Keystore: {
// Create enables PKCS12 keystore creation for the Certificate.
// If true, a file named `keystore.p12` will be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef`.
// The keystore file will only be updated upon re-issuance.
// A file named `truststore.p12` will also be created in the target
// Secret resource, encrypted using the password stored in
// `passwordSecretRef` containing the issuing Certificate Authority
create: bool @go(Create)
// PasswordSecretRef is a reference to a key in a Secret resource
// containing the password used to encrypt the PKCS12 keystore.
passwordSecretRef: cmmeta.#SecretKeySelector @go(PasswordSecretRef)
}
// CertificateStatus defines the observed state of Certificate
#CertificateStatus: {
// List of status conditions to indicate the status of certificates.
// Known condition types are `Ready` and `Issuing`.
// +optional
conditions?: [...#CertificateCondition] @go(Conditions,[]CertificateCondition)
// LastFailureTime is the time as recorded by the Certificate controller
// of the most recent failure to complete a CertificateRequest for this
// Certificate resource.
// If set, cert-manager will not re-request another Certificate until
// 1 hour has elapsed from this time.
// +optional
lastFailureTime?: null | metav1.#Time @go(LastFailureTime,*metav1.Time)
// The time after which the certificate stored in the secret named
// by this resource in spec.secretName is valid.
// +optional
notBefore?: null | metav1.#Time @go(NotBefore,*metav1.Time)
// The expiration time of the certificate stored in the secret named
// by this resource in `spec.secretName`.
// +optional
notAfter?: null | metav1.#Time @go(NotAfter,*metav1.Time)
// RenewalTime is the time at which the certificate will be next
// renewed.
// If not set, no upcoming renewal is scheduled.
// +optional
renewalTime?: null | metav1.#Time @go(RenewalTime,*metav1.Time)
// The current 'revision' of the certificate as issued.
//
// When a CertificateRequest resource is created, it will have the
// `cert-manager.io/certificate-revision` set to one greater than the
// current value of this field.
//
// Upon issuance, this field will be set to the value of the annotation
// on the CertificateRequest resource used to issue the certificate.
//
// Persisting the value on the CertificateRequest resource allows the
// certificates controller to know whether a request is part of an old
// issuance or if it is part of the ongoing revision's issuance by
// checking if the revision value in the annotation is greater than this
// field.
// +optional
revision?: null | int @go(Revision,*int)
// The name of the Secret resource containing the private key to be used
// for the next certificate iteration.
// The keymanager controller will automatically set this field if the
// `Issuing` condition is set to `True`.
// It will automatically unset this field when the Issuing condition is
// not set or False.
// +optional
nextPrivateKeySecretName?: null | string @go(NextPrivateKeySecretName,*string)
}
// CertificateCondition contains condition information for an Certificate.
#CertificateCondition: {
// Type of the condition, known values are (`Ready`, `Issuing`).
type: #CertificateConditionType @go(Type)
// Status of the condition, one of (`True`, `False`, `Unknown`).
status: cmmeta.#ConditionStatus @go(Status)
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
lastTransitionTime?: null | metav1.#Time @go(LastTransitionTime,*metav1.Time)
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
reason?: string @go(Reason)
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
message?: string @go(Message)
// If set, this represents the .metadata.generation that the condition was
// set based upon.
// For instance, if .metadata.generation is currently 12, but the
// .status.condition[x].observedGeneration is 9, the condition is out of date
// with respect to the current state of the Certificate.
// +optional
observedGeneration?: int64 @go(ObservedGeneration)
}
// CertificateConditionType represents an Certificate condition value.
#CertificateConditionType: string // #enumCertificateConditionType
#enumCertificateConditionType:
#CertificateConditionReady |
#CertificateConditionIssuing
// CertificateConditionReady indicates that a certificate is ready for use.
// This is defined as:
// - The target secret exists
// - The target secret contains a certificate that has not expired
// - The target secret contains a private key valid for the certificate
// - The commonName and dnsNames attributes match those specified on the Certificate
#CertificateConditionReady: #CertificateConditionType & "Ready"
// A condition added to Certificate resources when an issuance is required.
// This condition will be automatically added and set to true if:
// * No keypair data exists in the target Secret
// * The data stored in the Secret cannot be decoded
// * The private key and certificate do not have matching public keys
// * If a CertificateRequest for the current revision exists and the
// certificate data stored in the Secret does not match the
// `status.certificate` on the CertificateRequest.
// * If no CertificateRequest resource exists for the current revision,
// the options on the Certificate resource are compared against the
// x509 data in the Secret, similar to what's done in earlier versions.
// If there is a mismatch, an issuance is triggered.
// This condition may also be added by external API consumers to trigger
// a re-issuance manually for any other reason.
//
// It will be removed by the 'issuing' controller upon completing issuance.
#CertificateConditionIssuing: #CertificateConditionType & "Issuing"
// CertificateSecretTemplate defines the default labels and annotations
// to be copied to the Kubernetes Secret resource named in `CertificateSpec.secretName`.
#CertificateSecretTemplate: {
// Annotations is a key value map to be copied to the target Kubernetes Secret.
// +optional
annotations?: {[string]: string} @go(Annotations,map[string]string)
// Labels is a key value map to be copied to the target Kubernetes Secret.
// +optional
labels?: {[string]: string} @go(Labels,map[string]string)
}

195
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest_go_gen.cue
View File

@@ -1,195 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/certmanager/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// Pending indicates that a CertificateRequest is still in progress.
#CertificateRequestReasonPending: "Pending"
// Failed indicates that a CertificateRequest has failed, either due to
// timing out or some other critical failure.
#CertificateRequestReasonFailed: "Failed"
// Issued indicates that a CertificateRequest has been completed, and that
// the `status.certificate` field is set.
#CertificateRequestReasonIssued: "Issued"
// Denied is a Ready condition reason that indicates that a
// CertificateRequest has been denied, and the CertificateRequest will never
// be issued.
#CertificateRequestReasonDenied: "Denied"
// A CertificateRequest is used to request a signed certificate from one of the
// configured issuers.
//
// All fields within the CertificateRequest's `spec` are immutable after creation.
// A CertificateRequest will either succeed or fail, as denoted by its `status.state`
// field.
//
// A CertificateRequest is a one-shot resource, meaning it represents a single
// point in time request for a certificate and cannot be re-used.
// +k8s:openapi-gen=true
#CertificateRequest: {
metav1.#TypeMeta
metadata?: metav1.#ObjectMeta @go(ObjectMeta)
// Desired state of the CertificateRequest resource.
spec: #CertificateRequestSpec @go(Spec)
// Status of the CertificateRequest. This is set and managed automatically.
// +optional
status: #CertificateRequestStatus @go(Status)
}
// CertificateRequestList is a list of Certificates
#CertificateRequestList: {
metav1.#TypeMeta
metadata: metav1.#ListMeta @go(ListMeta)
items: [...#CertificateRequest] @go(Items,[]CertificateRequest)
}
// CertificateRequestSpec defines the desired state of CertificateRequest
#CertificateRequestSpec: {
// The requested 'duration' (i.e. lifetime) of the Certificate.
// This option may be ignored/overridden by some issuer types.
// +optional
duration?: null | metav1.#Duration @go(Duration,*metav1.Duration)
// IssuerRef is a reference to the issuer for this CertificateRequest. If
// the `kind` field is not set, or set to `Issuer`, an Issuer resource with
// the given name in the same namespace as the CertificateRequest will be
// used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with
// the provided name will be used. The `name` field in this stanza is
// required at all times. The group field refers to the API group of the
// issuer which defaults to `cert-manager.io` if empty.
issuerRef: cmmeta.#ObjectReference @go(IssuerRef)
// The PEM-encoded x509 certificate signing request to be submitted to the
// CA for signing.
request: bytes @go(Request,[]byte)
// IsCA will request to mark the certificate as valid for certificate signing
// when submitting to the issuer.
// This will automatically add the `cert sign` usage to the list of `usages`.
// +optional
isCA?: bool @go(IsCA)
// Usages is the set of x509 usages that are requested for the certificate.
// If usages are set they SHOULD be encoded inside the CSR spec
// Defaults to `digital signature` and `key encipherment` if not specified.
// +optional
usages?: [...#KeyUsage] @go(Usages,[]KeyUsage)
// Username contains the name of the user that created the CertificateRequest.
// Populated by the cert-manager webhook on creation and immutable.
// +optional
username?: string @go(Username)
// UID contains the uid of the user that created the CertificateRequest.
// Populated by the cert-manager webhook on creation and immutable.
// +optional
uid?: string @go(UID)
// Groups contains group membership of the user that created the CertificateRequest.
// Populated by the cert-manager webhook on creation and immutable.
// +listType=atomic
// +optional
groups?: [...string] @go(Groups,[]string)
// Extra contains extra attributes of the user that created the CertificateRequest.
// Populated by the cert-manager webhook on creation and immutable.
// +optional
extra?: {[string]: [...string]} @go(Extra,map[string][]string)
}
// CertificateRequestStatus defines the observed state of CertificateRequest and
// resulting signed certificate.
#CertificateRequestStatus: {
// List of status conditions to indicate the status of a CertificateRequest.
// Known condition types are `Ready` and `InvalidRequest`.
// +optional
conditions?: [...#CertificateRequestCondition] @go(Conditions,[]CertificateRequestCondition)
// The PEM encoded x509 certificate resulting from the certificate
// signing request.
// If not set, the CertificateRequest has either not been completed or has
// failed. More information on failure can be found by checking the
// `conditions` field.
// +optional
certificate?: bytes @go(Certificate,[]byte)
// The PEM encoded x509 certificate of the signer, also known as the CA
// (Certificate Authority).
// This is set on a best-effort basis by different issuers.
// If not set, the CA is assumed to be unknown/not available.
// +optional
ca?: bytes @go(CA,[]byte)
// FailureTime stores the time that this CertificateRequest failed. This is
// used to influence garbage collection and back-off.
// +optional
failureTime?: null | metav1.#Time @go(FailureTime,*metav1.Time)
}
// CertificateRequestCondition contains condition information for a CertificateRequest.
#CertificateRequestCondition: {
// Type of the condition, known values are (`Ready`, `InvalidRequest`,
// `Approved`, `Denied`).
type: #CertificateRequestConditionType @go(Type)
// Status of the condition, one of (`True`, `False`, `Unknown`).
status: cmmeta.#ConditionStatus @go(Status)
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
lastTransitionTime?: null | metav1.#Time @go(LastTransitionTime,*metav1.Time)
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
reason?: string @go(Reason)
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
message?: string @go(Message)
}
// CertificateRequestConditionType represents an Certificate condition value.
#CertificateRequestConditionType: string // #enumCertificateRequestConditionType
#enumCertificateRequestConditionType:
#CertificateRequestConditionReady |
#CertificateRequestConditionInvalidRequest |
#CertificateRequestConditionApproved |
#CertificateRequestConditionDenied
// CertificateRequestConditionReady indicates that a certificate is ready for use.
// This is defined as:
// - The target certificate exists in CertificateRequest.Status
#CertificateRequestConditionReady: #CertificateRequestConditionType & "Ready"
// CertificateRequestConditionInvalidRequest indicates that a certificate
// signer has refused to sign the request due to at least one of the input
// parameters being invalid. Additional information about why the request
// was rejected can be found in the `reason` and `message` fields.
#CertificateRequestConditionInvalidRequest: #CertificateRequestConditionType & "InvalidRequest"
// CertificateRequestConditionApproved indicates that a certificate request
// is approved and ready for signing. Condition must never have a status of
// `False`, and cannot be modified once set. Cannot be set alongside
// `Denied`.
#CertificateRequestConditionApproved: #CertificateRequestConditionType & "Approved"
// CertificateRequestConditionDenied indicates that a certificate request is
// denied, and must never be signed. Condition must never have a status of
// `False`, and cannot be modified once set. Cannot be set alongside
// `Approved`.
#CertificateRequestConditionDenied: #CertificateRequestConditionType & "Denied"

195
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1/types_go_gen.cue
View File

@@ -1,195 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/certmanager/v1
package v1
// Annotation key for DNS subjectAltNames.
#AltNamesAnnotationKey: "cert-manager.io/alt-names"
// Annotation key for IP subjectAltNames.
#IPSANAnnotationKey: "cert-manager.io/ip-sans"
// Annotation key for URI subjectAltNames.
#URISANAnnotationKey: "cert-manager.io/uri-sans"
// Annotation key for certificate common name.
#CommonNameAnnotationKey: "cert-manager.io/common-name"
// Duration key for certificate duration.
#DurationAnnotationKey: "cert-manager.io/duration"
// Annotation key for certificate renewBefore.
#RenewBeforeAnnotationKey: "cert-manager.io/renew-before"
// Annotation key for certificate key usages.
#UsagesAnnotationKey: "cert-manager.io/usages"
// Annotation key the 'name' of the Issuer resource.
#IssuerNameAnnotationKey: "cert-manager.io/issuer-name"
// Annotation key for the 'kind' of the Issuer resource.
#IssuerKindAnnotationKey: "cert-manager.io/issuer-kind"
// Annotation key for the 'group' of the Issuer resource.
#IssuerGroupAnnotationKey: "cert-manager.io/issuer-group"
// Annotation key for the name of the certificate that a resource is related to.
#CertificateNameKey: "cert-manager.io/certificate-name"
// Annotation key used to denote whether a Secret is named on a Certificate
// as a 'next private key' Secret resource.
#IsNextPrivateKeySecretLabelKey: "cert-manager.io/next-private-key"
// IngressIssuerNameAnnotationKey holds the issuerNameAnnotation value which can be
// used to override the issuer specified on the created Certificate resource.
#IngressIssuerNameAnnotationKey: "cert-manager.io/issuer"
// IngressClusterIssuerNameAnnotationKey holds the clusterIssuerNameAnnotation value which
// can be used to override the issuer specified on the created Certificate resource. The Certificate
// will reference the specified *ClusterIssuer* instead of normal issuer.
#IngressClusterIssuerNameAnnotationKey: "cert-manager.io/cluster-issuer"
// IngressACMEIssuerHTTP01IngressClassAnnotationKey holds the acmeIssuerHTTP01IngressClassAnnotation value
// which can be used to override the http01 ingressClass if the challenge type is set to http01
#IngressACMEIssuerHTTP01IngressClassAnnotationKey: "acme.cert-manager.io/http01-ingress-class"
// IngressClassAnnotationKey picks a specific "class" for the Ingress. The
// controller only processes Ingresses with this annotation either unset, or
// set to either the configured value or the empty string.
#IngressClassAnnotationKey: "kubernetes.io/ingress.class"
// Annotation added to CertificateRequest resources to denote the name of
// a Secret resource containing the private key used to sign the CSR stored
// on the resource.
// This annotation *may* not be present, and is used by the 'self signing'
// issuer type to self-sign certificates.
#CertificateRequestPrivateKeyAnnotationKey: "cert-manager.io/private-key-secret-name"
// Annotation to declare the CertificateRequest "revision", belonging to a Certificate Resource
#CertificateRequestRevisionAnnotationKey: "cert-manager.io/certificate-revision"
// IssueTemporaryCertificateAnnotation is an annotation that can be added to
// Certificate resources.
// If it is present, a temporary internally signed certificate will be
// stored in the target Secret resource whilst the real Issuer is processing
// the certificate request.
#IssueTemporaryCertificateAnnotation: "cert-manager.io/issue-temporary-certificate"
#ClusterIssuerKind: "ClusterIssuer"
#IssuerKind: "Issuer"
#CertificateKind: "Certificate"
#CertificateRequestKind: "CertificateRequest"
// WantInjectAnnotation is the annotation that specifies that a particular
// object wants injection of CAs. It takes the form of a reference to a certificate
// as namespace/name. The certificate is expected to have the is-serving-for annotations.
#WantInjectAnnotation: "cert-manager.io/inject-ca-from"
// WantInjectAPIServerCAAnnotation will - if set to "true" - make the cainjector
// inject the CA certificate for the Kubernetes apiserver into the resource.
// It discovers the apiserver's CA by inspecting the service account credentials
// mounted into the cainjector pod.
#WantInjectAPIServerCAAnnotation: "cert-manager.io/inject-apiserver-ca"
// WantInjectFromSecretAnnotation is the annotation that specifies that a particular
// object wants injection of CAs. It takes the form of a reference to a Secret
// as namespace/name.
#WantInjectFromSecretAnnotation: "cert-manager.io/inject-ca-from-secret"
// AllowsInjectionFromSecretAnnotation is an annotation that must be added
// to Secret resource that want to denote that they can be directly
// injected into injectables that have a `inject-ca-from-secret` annotation.
// If an injectable references a Secret that does NOT have this annotation,
// the cainjector will refuse to inject the secret.
#AllowsInjectionFromSecretAnnotation: "cert-manager.io/allow-direct-injection"
// VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer
// This will only work with Venafi TPP v19.3 and higher
// The value is an array with objects containing the name and value keys
// for example: `[{"name": "custom-field", "value": "custom-value"}]`
#VenafiCustomFieldsAnnotationKey: "venafi.cert-manager.io/custom-fields"
// VenafiPickupIDAnnotationKey is the annotation key used to record the
// Venafi Pickup ID of a certificate signing request that has been submitted
// to the Venafi API for collection later.
#VenafiPickupIDAnnotationKey: "venafi.cert-manager.io/pickup-id"
// KeyUsage specifies valid usage contexts for keys.
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
// Valid KeyUsage values are as follows:
// "signing",
// "digital signature",
// "content commitment",
// "key encipherment",
// "key agreement",
// "data encipherment",
// "cert sign",
// "crl sign",
// "encipher only",
// "decipher only",
// "any",
// "server auth",
// "client auth",
// "code signing",
// "email protection",
// "s/mime",
// "ipsec end system",
// "ipsec tunnel",
// "ipsec user",
// "timestamping",
// "ocsp signing",
// "microsoft sgc",
// "netscape sgc"
// +kubebuilder:validation:Enum="signing";"digital signature";"content commitment";"key encipherment";"key agreement";"data encipherment";"cert sign";"crl sign";"encipher only";"decipher only";"any";"server auth";"client auth";"code signing";"email protection";"s/mime";"ipsec end system";"ipsec tunnel";"ipsec user";"timestamping";"ocsp signing";"microsoft sgc";"netscape sgc"
#KeyUsage: string // #enumKeyUsage
#enumKeyUsage:
#UsageSigning |
#UsageDigitalSignature |
#UsageContentCommitment |
#UsageKeyEncipherment |
#UsageKeyAgreement |
#UsageDataEncipherment |
#UsageCertSign |
#UsageCRLSign |
#UsageEncipherOnly |
#UsageDecipherOnly |
#UsageAny |
#UsageServerAuth |
#UsageClientAuth |
#UsageCodeSigning |
#UsageEmailProtection |
#UsageSMIME |
#UsageIPsecEndSystem |
#UsageIPsecTunnel |
#UsageIPsecUser |
#UsageTimestamping |
#UsageOCSPSigning |
#UsageMicrosoftSGC |
#UsageNetscapeSGC
#UsageSigning: #KeyUsage & "signing"
#UsageDigitalSignature: #KeyUsage & "digital signature"
#UsageContentCommitment: #KeyUsage & "content commitment"
#UsageKeyEncipherment: #KeyUsage & "key encipherment"
#UsageKeyAgreement: #KeyUsage & "key agreement"
#UsageDataEncipherment: #KeyUsage & "data encipherment"
#UsageCertSign: #KeyUsage & "cert sign"
#UsageCRLSign: #KeyUsage & "crl sign"
#UsageEncipherOnly: #KeyUsage & "encipher only"
#UsageDecipherOnly: #KeyUsage & "decipher only"
#UsageAny: #KeyUsage & "any"
#UsageServerAuth: #KeyUsage & "server auth"
#UsageClientAuth: #KeyUsage & "client auth"
#UsageCodeSigning: #KeyUsage & "code signing"
#UsageEmailProtection: #KeyUsage & "email protection"
#UsageSMIME: #KeyUsage & "s/mime"
#UsageIPsecEndSystem: #KeyUsage & "ipsec end system"
#UsageIPsecTunnel: #KeyUsage & "ipsec tunnel"
#UsageIPsecUser: #KeyUsage & "ipsec user"
#UsageTimestamping: #KeyUsage & "timestamping"
#UsageOCSPSigning: #KeyUsage & "ocsp signing"
#UsageMicrosoftSGC: #KeyUsage & "microsoft sgc"
#UsageNetscapeSGC: #KeyUsage & "netscape sgc"

316
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/certmanager/v1/types_issuer_go_gen.cue
View File

@@ -1,316 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/certmanager/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
)
// A ClusterIssuer represents a certificate issuing authority which can be
// referenced as part of `issuerRef` fields.
// It is similar to an Issuer, however it is cluster-scoped and therefore can
// be referenced by resources that exist in *any* namespace, not just the same
// namespace as the referent.
#ClusterIssuer: {
metav1.#TypeMeta
metadata?: metav1.#ObjectMeta @go(ObjectMeta)
// Desired state of the ClusterIssuer resource.
spec: #IssuerSpec @go(Spec)
// Status of the ClusterIssuer. This is set and managed automatically.
// +optional
status: #IssuerStatus @go(Status)
}
// ClusterIssuerList is a list of Issuers
#ClusterIssuerList: {
metav1.#TypeMeta
metadata: metav1.#ListMeta @go(ListMeta)
items: [...#ClusterIssuer] @go(Items,[]ClusterIssuer)
}
// An Issuer represents a certificate issuing authority which can be
// referenced as part of `issuerRef` fields.
// It is scoped to a single namespace and can therefore only be referenced by
// resources within the same namespace.
#Issuer: {
metav1.#TypeMeta
metadata?: metav1.#ObjectMeta @go(ObjectMeta)
// Desired state of the Issuer resource.
spec: #IssuerSpec @go(Spec)
// Status of the Issuer. This is set and managed automatically.
// +optional
status: #IssuerStatus @go(Status)
}
// IssuerList is a list of Issuers
#IssuerList: {
metav1.#TypeMeta
metadata: metav1.#ListMeta @go(ListMeta)
items: [...#Issuer] @go(Items,[]Issuer)
}
// IssuerSpec is the specification of an Issuer. This includes any
// configuration required for the issuer.
#IssuerSpec: {
#IssuerConfig
}
// The configuration for the issuer.
// Only one of these can be set.
#IssuerConfig: {
// ACME configures this issuer to communicate with a RFC8555 (ACME) server
// to obtain signed x509 certificates.
// +optional
acme?: null | cmacme.#ACMEIssuer @go(ACME,*cmacme.ACMEIssuer)
// CA configures this issuer to sign certificates using a signing CA keypair
// stored in a Secret resource.
// This is used to build internal PKIs that are managed by cert-manager.
// +optional
ca?: null | #CAIssuer @go(CA,*CAIssuer)
// Vault configures this issuer to sign certificates using a HashiCorp Vault
// PKI backend.
// +optional
vault?: null | #VaultIssuer @go(Vault,*VaultIssuer)
// SelfSigned configures this issuer to 'self sign' certificates using the
// private key used to create the CertificateRequest object.
// +optional
selfSigned?: null | #SelfSignedIssuer @go(SelfSigned,*SelfSignedIssuer)
// Venafi configures this issuer to sign certificates using a Venafi TPP
// or Venafi Cloud policy zone.
// +optional
venafi?: null | #VenafiIssuer @go(Venafi,*VenafiIssuer)
}
// Configures an issuer to sign certificates using a Venafi TPP
// or Cloud policy zone.
#VenafiIssuer: {
// Zone is the Venafi Policy Zone to use for this issuer.
// All requests made to the Venafi platform will be restricted by the named
// zone policy.
// This field is required.
zone: string @go(Zone)
// TPP specifies Trust Protection Platform configuration settings.
// Only one of TPP or Cloud may be specified.
// +optional
tpp?: null | #VenafiTPP @go(TPP,*VenafiTPP)
// Cloud specifies the Venafi cloud configuration settings.
// Only one of TPP or Cloud may be specified.
// +optional
cloud?: null | #VenafiCloud @go(Cloud,*VenafiCloud)
}
// VenafiTPP defines connection configuration details for a Venafi TPP instance
#VenafiTPP: {
// URL is the base URL for the vedsdk endpoint of the Venafi TPP instance,
// for example: "https://tpp.example.com/vedsdk".
url: string @go(URL)
// CredentialsRef is a reference to a Secret containing the username and
// password for the TPP server.
// The secret must contain two keys, 'username' and 'password'.
credentialsRef: cmmeta.#LocalObjectReference @go(CredentialsRef)
// CABundle is a PEM encoded TLS certificate to use to verify connections to
// the TPP instance.
// If specified, system roots will not be used and the issuing CA for the
// TPP instance must be verifiable using the provided root.
// If not specified, the connection will be verified using the cert-manager
// system root certificates.
// +optional
caBundle?: bytes @go(CABundle,[]byte)
}
// VenafiCloud defines connection configuration details for Venafi Cloud
#VenafiCloud: {
// URL is the base URL for Venafi Cloud.
// Defaults to "https://api.venafi.cloud/v1".
// +optional
url?: string @go(URL)
// APITokenSecretRef is a secret key selector for the Venafi Cloud API token.
apiTokenSecretRef: cmmeta.#SecretKeySelector @go(APITokenSecretRef)
}
// Configures an issuer to 'self sign' certificates using the
// private key used to create the CertificateRequest object.
#SelfSignedIssuer: {
// The CRL distribution points is an X.509 v3 certificate extension which identifies
// the location of the CRL from which the revocation of this certificate can be checked.
// If not set certificate will be issued without CDP. Values are strings.
// +optional
crlDistributionPoints?: [...string] @go(CRLDistributionPoints,[]string)
}
// Configures an issuer to sign certificates using a HashiCorp Vault
// PKI backend.
#VaultIssuer: {
// Auth configures how cert-manager authenticates with the Vault server.
auth: #VaultAuth @go(Auth)
// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
server: string @go(Server)
// Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g:
// "my_pki_mount/sign/my-role-name".
path: string @go(Path)
// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1"
// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
// +optional
namespace?: string @go(Namespace)
// PEM-encoded CA bundle (base64-encoded) used to validate Vault server
// certificate. Only used if the Server URL is using HTTPS protocol. This
// parameter is ignored for plain HTTP protocol connection. If not set the
// system root certificates are used to validate the TLS connection.
// +optional
caBundle?: bytes @go(CABundle,[]byte)
}
// Configuration used to authenticate with a Vault server.
// Only one of `tokenSecretRef`, `appRole` or `kubernetes` may be specified.
#VaultAuth: {
// TokenSecretRef authenticates with Vault by presenting a token.
// +optional
tokenSecretRef?: null | cmmeta.#SecretKeySelector @go(TokenSecretRef,*cmmeta.SecretKeySelector)
// AppRole authenticates with Vault using the App Role auth mechanism,
// with the role and secret stored in a Kubernetes Secret resource.
// +optional
appRole?: null | #VaultAppRole @go(AppRole,*VaultAppRole)
// Kubernetes authenticates with Vault by passing the ServiceAccount
// token stored in the named Secret resource to the Vault server.
// +optional
kubernetes?: null | #VaultKubernetesAuth @go(Kubernetes,*VaultKubernetesAuth)
}
// VaultAppRole authenticates with Vault using the App Role auth mechanism,
// with the role and secret stored in a Kubernetes Secret resource.
#VaultAppRole: {
// Path where the App Role authentication backend is mounted in Vault, e.g:
// "approle"
path: string @go(Path)
// RoleID configured in the App Role authentication backend when setting
// up the authentication backend in Vault.
roleId: string @go(RoleId)
// Reference to a key in a Secret that contains the App Role secret used
// to authenticate with Vault.
// The `key` field must be specified and denotes which entry within the Secret
// resource is used as the app role secret.
secretRef: cmmeta.#SecretKeySelector @go(SecretRef)
}
// Authenticate against Vault using a Kubernetes ServiceAccount token stored in
// a Secret.
#VaultKubernetesAuth: {
// The Vault mountPath here is the mount path to use when authenticating with
// Vault. For example, setting a value to `/v1/auth/foo`, will use the path
// `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the
// default value "/v1/auth/kubernetes" will be used.
// +optional
mountPath?: string @go(Path)
// The required Secret field containing a Kubernetes ServiceAccount JWT used
// for authenticating with Vault. Use of 'ambient credentials' is not
// supported.
secretRef: cmmeta.#SecretKeySelector @go(SecretRef)
// A required field containing the Vault Role to assume. A Role binds a
// Kubernetes ServiceAccount with a set of Vault policies.
role: string @go(Role)
}
#CAIssuer: {
// SecretName is the name of the secret used to sign Certificates issued
// by this Issuer.
secretName: string @go(SecretName)
// The CRL distribution points is an X.509 v3 certificate extension which identifies
// the location of the CRL from which the revocation of this certificate can be checked.
// If not set, certificates will be issued without distribution points set.
// +optional
crlDistributionPoints?: [...string] @go(CRLDistributionPoints,[]string)
// The OCSP server list is an X.509 v3 extension that defines a list of
// URLs of OCSP responders. The OCSP responders can be queried for the
// revocation status of an issued certificate. If not set, the
// certificate will be issued with no OCSP servers set. For example, an
// OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org".
// +optional
ocspServers?: [...string] @go(OCSPServers,[]string)
}
// IssuerStatus contains status information about an Issuer
#IssuerStatus: {
// List of status conditions to indicate the status of a CertificateRequest.
// Known condition types are `Ready`.
// +optional
conditions?: [...#IssuerCondition] @go(Conditions,[]IssuerCondition)
// ACME specific status options.
// This field should only be set if the Issuer is configured to use an ACME
// server to issue certificates.
// +optional
acme?: null | cmacme.#ACMEIssuerStatus @go(ACME,*cmacme.ACMEIssuerStatus)
}
// IssuerCondition contains condition information for an Issuer.
#IssuerCondition: {
// Type of the condition, known values are (`Ready`).
type: #IssuerConditionType @go(Type)
// Status of the condition, one of (`True`, `False`, `Unknown`).
status: cmmeta.#ConditionStatus @go(Status)
// LastTransitionTime is the timestamp corresponding to the last status
// change of this condition.
// +optional
lastTransitionTime?: null | metav1.#Time @go(LastTransitionTime,*metav1.Time)
// Reason is a brief machine readable explanation for the condition's last
// transition.
// +optional
reason?: string @go(Reason)
// Message is a human readable description of the details of the last
// transition, complementing reason.
// +optional
message?: string @go(Message)
// If set, this represents the .metadata.generation that the condition was
// set based upon.
// For instance, if .metadata.generation is currently 12, but the
// .status.condition[x].observedGeneration is 9, the condition is out of date
// with respect to the current state of the Issuer.
// +optional
observedGeneration?: int64 @go(ObservedGeneration)
}
// IssuerConditionType represents an Issuer condition value.
#IssuerConditionType: string // #enumIssuerConditionType
#enumIssuerConditionType:
#IssuerConditionReady
// IssuerConditionReady represents the fact that a given Issuer condition
// is in ready state and able to issue certificates.
// If the `status` of this condition is `False`, CertificateRequest controllers
// should prevent attempts to sign certificates.
#IssuerConditionReady: #IssuerConditionType & "Ready"

9
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/meta/v1/doc_go_gen.cue
View File

@@ -1,9 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/meta/v1
// Package v1 contains meta types for cert-manager APIs
// +k8s:deepcopy-gen=package
// +gencrdrefdocs:force
// +groupName=meta.cert-manager.io
package v1

64
cue/cue.mod/gen/github.com/jetstack/cert-manager/pkg/apis/meta/v1/types_go_gen.cue
View File

@@ -1,64 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go github.com/jetstack/cert-manager/pkg/apis/meta/v1
package v1
// ConditionStatus represents a condition's status.
// +kubebuilder:validation:Enum=True;False;Unknown
#ConditionStatus: string // #enumConditionStatus
#enumConditionStatus:
#ConditionTrue |
#ConditionFalse |
#ConditionUnknown
// ConditionTrue represents the fact that a given condition is true
#ConditionTrue: #ConditionStatus & "True"
// ConditionFalse represents the fact that a given condition is false
#ConditionFalse: #ConditionStatus & "False"
// ConditionUnknown represents the fact that a given condition is unknown
#ConditionUnknown: #ConditionStatus & "Unknown"
// A reference to an object in the same namespace as the referent.
// If the referent is a cluster-scoped resource (e.g. a ClusterIssuer),
// the reference instead refers to the resource with the given name in the
// configured 'cluster resource namespace', which is set as a flag on the
// controller component (and defaults to the namespace that cert-manager
// runs in).
#LocalObjectReference: {
// Name of the resource being referred to.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
name: string @go(Name)
}
// ObjectReference is a reference to an object with a given name, kind and group.
#ObjectReference: {
// Name of the resource being referred to.
name: string @go(Name)
// Kind of the resource being referred to.
// +optional
kind?: string @go(Kind)
// Group of the resource being referred to.
// +optional
group?: string @go(Group)
}
// A reference to a specific 'key' within a Secret resource.
// In some instances, `key` is a required field.
#SecretKeySelector: {
#LocalObjectReference
// The key of the entry in the Secret resource's `data` field to be used.
// Some instances of this field may be defaulted, in others it may be
// required.
// +optional
key?: string @go(Key)
}
// Used as a data key in Secret resources to store a CA certificate.
#TLSCAKey: "ca.crt"

7
cue/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apps/v1
package v1
#GroupName: "apps"

907
cue/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
View File

@@ -1,907 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/apps/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/apimachinery/pkg/runtime"
)
#ControllerRevisionHashLabelKey: "controller-revision-hash"
#StatefulSetRevisionLabel: "controller-revision-hash"
#DeprecatedRollbackTo: "deprecated.deployment.rollback.to"
#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation"
#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name"
// StatefulSet represents a set of pods with consistent identities.
// Identities are defined as:
// - Network: A single stable DNS and hostname.
// - Storage: As many VolumeClaims as requested.
// The StatefulSet guarantees that a given network identity will always
// map to the same storage identity.
#StatefulSet: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec defines the desired identities of pods in this set.
// +optional
spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is the current status of Pods in this StatefulSet. This data
// may be out of date by some window of time.
// +optional
status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// PodManagementPolicyType defines the policy for creating pods under a stateful set.
// +enum
#PodManagementPolicyType: string // #enumPodManagementPolicyType
#enumPodManagementPolicyType:
#OrderedReadyPodManagement |
#ParallelPodManagement
// OrderedReadyPodManagement will create pods in strictly increasing order on
// scale up and strictly decreasing order on scale down, progressing only when
// the previous pod is ready or terminated. At most one pod will be changed
// at any time.
#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady"
// ParallelPodManagement will create and delete pods as soon as the stateful set
// replica count is changed, and will not wait for pods to be ready or complete
// termination.
#ParallelPodManagement: #PodManagementPolicyType & "Parallel"
// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet
// controller will use to perform updates. It includes any additional parameters
// necessary to perform the update for the indicated strategy.
#StatefulSetUpdateStrategy: {
// Type indicates the type of the StatefulSetUpdateStrategy.
// Default is RollingUpdate.
// +optional
type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType)
// RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
// +optional
rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt)
}
// StatefulSetUpdateStrategyType is a string enumeration type that enumerates
// all possible update strategies for the StatefulSet controller.
// +enum
#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType
#enumStatefulSetUpdateStrategyType:
#RollingUpdateStatefulSetStrategyType |
#OnDeleteStatefulSetStrategyType
// RollingUpdateStatefulSetStrategyType indicates that update will be
// applied to all Pods in the StatefulSet with respect to the StatefulSet
// ordering constraints. When a scale operation is performed with this
// strategy, new Pods will be created from the specification version indicated
// by the StatefulSet's updateRevision.
#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate"
// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version
// tracking and ordered rolling restarts are disabled. Pods are recreated
// from the StatefulSetSpec when they are manually deleted. When a scale
// operation is performed with this strategy,specification version indicated
// by the StatefulSet's currentRevision.
#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete"
// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
#RollingUpdateStatefulSetStrategy: {
// Partition indicates the ordinal at which the StatefulSet should be
// partitioned.
// Default value is 0.
// +optional
partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt)
}
// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine
// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is
// deleted or scaled down.
#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType
#enumPersistentVolumeClaimRetentionPolicyType:
#RetainPersistentVolumeClaimRetentionPolicyType |
#DeletePersistentVolumeClaimRetentionPolicyType
// RetainPersistentVolumeClaimRetentionPolicyType is the default
// PersistentVolumeClaimRetentionPolicy and specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will not be deleted.
#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain"
// RetentionPersistentVolumeClaimRetentionPolicyType specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will be deleted in the scenario specified in
// StatefulSetPersistentVolumeClaimRetentionPolicy.
#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete"
// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs
// created from the StatefulSet VolumeClaimTemplates.
#StatefulSetPersistentVolumeClaimRetentionPolicy: {
// WhenDeleted specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is deleted. The default policy
// of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
// `Delete` policy causes those PVCs to be deleted.
whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
// WhenScaled specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is scaled down. The default
// policy of `Retain` causes PVCs to not be affected by a scaledown. The
// `Delete` policy causes the associated PVCs for any excess pods above
// the replica count to be deleted.
whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
}
// A StatefulSetSpec is the specification of a StatefulSet.
#StatefulSetSpec: {
// replicas is the desired number of replicas of the given Template.
// These are replicas in the sense that they are instantiations of the
// same Template, but individual replicas also have a consistent identity.
// If unspecified, defaults to 1.
// TODO: Consider a rename of this field.
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// selector is a label query over pods that should match the replica count.
// It must match the pod template's labels.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// template is the object that describes the pod that will be created if
// insufficient replicas are detected. Each pod stamped out by the StatefulSet
// will fulfill this Template, but have a unique identity from the rest
// of the StatefulSet.
template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
// volumeClaimTemplates is a list of claims that pods are allowed to reference.
// The StatefulSet controller is responsible for mapping network identities to
// claims in a way that maintains the identity of a pod. Every claim in
// this list must have at least one matching (by name) volumeMount in one
// container in the template. A claim in this list takes precedence over
// any volumes in the template, with the same name.
// TODO: Define the behavior if a claim already exists with the same name.
// +optional
volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep)
// serviceName is the name of the service that governs this StatefulSet.
// This service must exist before the StatefulSet, and is responsible for
// the network identity of the set. Pods get DNS/hostnames that follow the
// pattern: pod-specific-string.serviceName.default.svc.cluster.local
// where "pod-specific-string" is managed by the StatefulSet controller.
serviceName: string @go(ServiceName) @protobuf(5,bytes,opt)
// podManagementPolicy controls how pods are created during initial scale up,
// when replacing pods on nodes, or when scaling down. The default policy is
// `OrderedReady`, where pods are created in increasing order (pod-0, then
// pod-1, etc) and the controller will wait until each pod is ready before
// continuing. When scaling down, the pods are removed in the opposite order.
// The alternative policy is `Parallel` which will create pods in parallel
// to match the desired scale without waiting, and on scale down will delete
// all pods at once.
// +optional
podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType)
// updateStrategy indicates the StatefulSetUpdateStrategy that will be
// employed to update Pods in the StatefulSet when a revision is made to
// Template.
updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt)
// revisionHistoryLimit is the maximum number of revisions that will
// be maintained in the StatefulSet's revision history. The revision history
// consists of all revisions not represented by a currently applied
// StatefulSetSpec version. The default value is 10.
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt)
// persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent
// volume claims created from volumeClaimTemplates. By default, all persistent
// volume claims are created as needed and retained until manually deleted. This
// policy allows the lifecycle to be altered, for example by deleting persistent
// volume claims when their stateful set is deleted, or when their pod is scaled
// down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled,
// which is alpha. +optional
persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt)
}
// StatefulSetStatus represents the current state of a StatefulSet.
#StatefulSetStatus: {
// observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
// StatefulSet's generation, which is updated on mutation by the API Server.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
// replicas is the number of Pods created by the StatefulSet controller.
replicas: int32 @go(Replicas) @protobuf(2,varint,opt)
// readyReplicas is the number of pods created for this StatefulSet with a Ready Condition.
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt)
// currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
// indicated by currentRevision.
currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt)
// updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
// indicated by updateRevision.
updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt)
// currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
// sequence [0,currentReplicas).
currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt)
// updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence
// [replicas-updatedReplicas,replicas)
updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt)
// collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller
// uses this field as a collision avoidance mechanism when it needs to create the name for the
// newest ControllerRevision.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
// Represents the latest available observations of a statefulset's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep)
// Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
// This is a beta field and enabled/disabled by StatefulSetMinReadySeconds feature gate.
availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt)
}
#StatefulSetConditionType: string
// StatefulSetCondition describes the state of a statefulset at a certain point.
#StatefulSetCondition: {
// Type of statefulset condition.
type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// Last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// StatefulSetList is a collection of StatefulSets.
#StatefulSetList: {
metav1.#TypeMeta
// Standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of stateful sets.
items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep)
}
// Deployment enables declarative updates for Pods and ReplicaSets.
#Deployment: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior of the Deployment.
// +optional
spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt)
// Most recently observed status of the Deployment.
// +optional
status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt)
}
// DeploymentSpec is the specification of the desired behavior of the Deployment.
#DeploymentSpec: {
// Number of desired pods. This is a pointer to distinguish between explicit
// zero and not specified. Defaults to 1.
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// Label selector for pods. Existing ReplicaSets whose pods are
// selected by this will be the ones affected by this deployment.
// It must match the pod template's labels.
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// Template describes the pods that will be created.
template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
// The deployment strategy to use to replace existing pods with new ones.
// +optional
// +patchStrategy=retainKeys
strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing, for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt)
// The number of old ReplicaSets to retain to allow rollback.
// This is a pointer to distinguish between explicit zero and not specified.
// Defaults to 10.
// +optional
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
// Indicates that the deployment is paused.
// +optional
paused?: bool @go(Paused) @protobuf(7,varint,opt)
// The maximum time in seconds for a deployment to make progress before it
// is considered to be failed. The deployment controller will continue to
// process failed deployments and a condition with a ProgressDeadlineExceeded
// reason will be surfaced in the deployment status. Note that progress will
// not be estimated during the time a deployment is paused. Defaults to 600s.
progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt)
}
// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added
// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets
// to select new pods (and old pods being select by new ReplicaSet).
#DefaultDeploymentUniqueLabelKey: "pod-template-hash"
// DeploymentStrategy describes how to replace existing pods with new ones.
#DeploymentStrategy: {
// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
// +optional
type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType)
// Rolling update config params. Present only if DeploymentStrategyType =
// RollingUpdate.
//---
// TODO: Update this to follow our convention for oneOf, whatever we decide it
// to be.
// +optional
rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt)
}
// +enum
#DeploymentStrategyType: string // #enumDeploymentStrategyType
#enumDeploymentStrategyType:
#RecreateDeploymentStrategyType |
#RollingUpdateDeploymentStrategyType
// Kill all existing pods before creating new ones.
#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate"
// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate"
// Spec to control the desired behavior of rolling update.
#RollingUpdateDeployment: {
// The maximum number of pods that can be unavailable during the update.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// Absolute number is calculated from percentage by rounding down.
// This can not be 0 if MaxSurge is 0.
// Defaults to 25%.
// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
// that the total number of pods available at all times during the update is at
// least 70% of desired pods.
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
// The maximum number of pods that can be scheduled above the desired number of
// pods.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up.
// Defaults to 25%.
// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
// the rolling update starts, such that the total number of old and new pods do not exceed
// 130% of desired pods. Once old pods have been killed,
// new ReplicaSet can be scaled up further, ensuring that total number of pods running
// at any time during the update is at most 130% of desired pods.
// +optional
maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
}
// DeploymentStatus is the most recently observed status of the Deployment.
#DeploymentStatus: {
// The generation observed by the deployment controller.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
// Total number of non-terminated pods targeted by this deployment (their labels match the selector).
// +optional
replicas?: int32 @go(Replicas) @protobuf(2,varint,opt)
// Total number of non-terminated pods targeted by this deployment that have the desired template spec.
// +optional
updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt)
// readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.
// +optional
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt)
// Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
// +optional
availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt)
// Total number of unavailable pods targeted by this deployment. This is the total number of
// pods that are still required for the deployment to have 100% available capacity. They may
// either be pods that are running but not yet available or pods that still have not been created.
// +optional
unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt)
// Represents the latest available observations of a deployment's current state.
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep)
// Count of hash collisions for the Deployment. The Deployment controller uses this
// field as a collision avoidance mechanism when it needs to create the name for the
// newest ReplicaSet.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt)
}
#DeploymentConditionType: string // #enumDeploymentConditionType
#enumDeploymentConditionType:
#DeploymentAvailable |
#DeploymentProgressing |
#DeploymentReplicaFailure
// Available means the deployment is available, ie. at least the minimum available
// replicas required are up and running for at least minReadySeconds.
#DeploymentAvailable: #DeploymentConditionType & "Available"
// Progressing means the deployment is progressing. Progress for a deployment is
// considered when a new replica set is created or adopted, and when new pods scale
// up or old pods scale down. Progress is not estimated for paused deployments or
// when progressDeadlineSeconds is not specified.
#DeploymentProgressing: #DeploymentConditionType & "Progressing"
// ReplicaFailure is added in a deployment when one of its pods fails to be created
// or deleted.
#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure"
// DeploymentCondition describes the state of a deployment at a certain point.
#DeploymentCondition: {
// Type of deployment condition.
type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// The last time this condition was updated.
lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt)
// Last time the condition transitioned from one status to another.
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt)
// The reason for the condition's last transition.
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// DeploymentList is a list of Deployments.
#DeploymentList: {
metav1.#TypeMeta
// Standard list metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of Deployments.
items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep)
}
// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
#DaemonSetUpdateStrategy: {
// Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
// +optional
type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt)
// Rolling update config params. Present only if type = "RollingUpdate".
//---
// TODO: Update this to follow our convention for oneOf, whatever we decide it
// to be. Same as Deployment `strategy.rollingUpdate`.
// See https://github.com/kubernetes/kubernetes/issues/35345
// +optional
rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt)
}
// +enum
#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType
#enumDaemonSetUpdateStrategyType:
#RollingUpdateDaemonSetStrategyType |
#OnDeleteDaemonSetStrategyType
// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other.
#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate"
// Replace the old daemons only when it's killed
#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete"
// Spec to control the desired behavior of daemon set rolling update.
#RollingUpdateDaemonSet: {
// The maximum number of DaemonSet pods that can be unavailable during the
// update. Value can be an absolute number (ex: 5) or a percentage of total
// number of DaemonSet pods at the start of the update (ex: 10%). Absolute
// number is calculated from percentage by rounding up.
// This cannot be 0 if MaxSurge is 0
// Default value is 1.
// Example: when this is set to 30%, at most 30% of the total number of nodes
// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
// can have their pods stopped for an update at any given time. The update
// starts by stopping at most 30% of those DaemonSet pods and then brings
// up new DaemonSet pods in their place. Once the new pods are available,
// it then proceeds onto other DaemonSet pods, thus ensuring that at least
// 70% of original number of DaemonSet pods are available at all times during
// the update.
// +optional
maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
// The maximum number of nodes with an existing available DaemonSet pod that
// can have an updated DaemonSet pod during during an update.
// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
// This can not be 0 if MaxUnavailable is 0.
// Absolute number is calculated from percentage by rounding up to a minimum of 1.
// Default value is 0.
// Example: when this is set to 30%, at most 30% of the total number of nodes
// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
// can have their a new pod created before the old pod is marked as deleted.
// The update starts by launching new pods on 30% of nodes. Once an updated
// pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
// on that node is marked deleted. If the old pod becomes unavailable for any
// reason (Ready transitions to false, is evicted, or is drained) an updated
// pod is immediatedly created on that node without considering surge limits.
// Allowing surge implies the possibility that the resources consumed by the
// daemonset on any given node can double if the readiness check fails, and
// so resource intensive daemonsets should take into account that they may
// cause evictions during disruption.
// This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.
// +optional
maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
}
// DaemonSetSpec is the specification of a daemon set.
#DaemonSetSpec: {
// A label query over pods that are managed by the daemon set.
// Must match in order to be controlled.
// It must match the pod template's labels.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
// An object that describes the pod that will be created.
// The DaemonSet will create exactly one copy of this pod on every node
// that matches the template's node selector (or on every node if no node
// selector is specified).
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt)
// An update strategy to replace existing DaemonSet pods with new pods.
// +optional
updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt)
// The minimum number of seconds for which a newly created DaemonSet pod should
// be ready without any of its container crashing, for it to be considered
// available. Defaults to 0 (pod will be considered available as soon as it
// is ready).
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
// The number of old history to retain to allow rollback.
// This is a pointer to distinguish between explicit zero and not specified.
// Defaults to 10.
// +optional
revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
}
// DaemonSetStatus represents the current status of a daemon set.
#DaemonSetStatus: {
// The number of nodes that are running at least 1
// daemon pod and are supposed to run the daemon pod.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt)
// The number of nodes that are running the daemon pod, but are
// not supposed to run the daemon pod.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt)
// The total number of nodes that should be running the daemon
// pod (including nodes correctly running the daemon pod).
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt)
// numberReady is the number of nodes that should be running the daemon pod and have one
// or more of the daemon pod running with a Ready Condition.
numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt)
// The most recent generation observed by the daemon set controller.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt)
// The total number of nodes that are running updated daemon pod
// +optional
updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt)
// The number of nodes that should be running the
// daemon pod and have one or more of the daemon pod running and
// available (ready for at least spec.minReadySeconds)
// +optional
numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt)
// The number of nodes that should be running the
// daemon pod and have none of the daemon pod running and available
// (ready for at least spec.minReadySeconds)
// +optional
numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt)
// Count of hash collisions for the DaemonSet. The DaemonSet controller
// uses this field as a collision avoidance mechanism when it needs to
// create the name for the newest ControllerRevision.
// +optional
collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
// Represents the latest available observations of a DaemonSet's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep)
}
#DaemonSetConditionType: string
// DaemonSetCondition describes the state of a DaemonSet at a certain point.
#DaemonSetCondition: {
// Type of DaemonSet condition.
type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// Last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// DaemonSet represents the configuration of a daemon set.
#DaemonSet: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// The desired behavior of this daemon set.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt)
// The current status of this daemon set. This data may be
// out of date by some window of time.
// Populated by the system.
// Read-only.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// DefaultDaemonSetUniqueLabelKey is the default label key that is added
// to existing DaemonSet pods to distinguish between old and new
// DaemonSet pods during DaemonSet template updates.
#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash"
// DaemonSetList is a collection of daemon sets.
#DaemonSetList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// A list of daemon sets.
items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep)
}
// ReplicaSet ensures that a specified number of pod replicas are running at any given time.
#ReplicaSet: {
metav1.#TypeMeta
// If the Labels of a ReplicaSet are empty, they are defaulted to
// be the same as the Pod(s) that the ReplicaSet manages.
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec defines the specification of the desired behavior of the ReplicaSet.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is the most recently observed status of the ReplicaSet.
// This data may be out of date by some window of time.
// Populated by the system.
// Read-only.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt)
}
// ReplicaSetList is a collection of ReplicaSets.
#ReplicaSetList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// List of ReplicaSets.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep)
}
// ReplicaSetSpec is the specification of a ReplicaSet.
#ReplicaSetSpec: {
// Replicas is the number of desired replicas.
// This is a pointer to distinguish between explicit zero and unspecified.
// Defaults to 1.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
// +optional
replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
// Minimum number of seconds for which a newly created pod should be ready
// without any of its container crashing, for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
// +optional
minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
// Selector is a label query over pods that should match the replica count.
// Label keys and values that must match in order to be controlled by this replica set.
// It must match the pod template's labels.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// Template is the object that describes the pod that will be created if
// insufficient replicas are detected.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
// +optional
template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
}
// ReplicaSetStatus represents the current status of a ReplicaSet.
#ReplicaSetStatus: {
// Replicas is the most recently oberved number of replicas.
// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
// The number of pods that have labels matching the labels of the pod template of the replicaset.
// +optional
fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt)
// readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition.
// +optional
readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt)
// The number of available replicas (ready for at least minReadySeconds) for this replica set.
// +optional
availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt)
// ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
// +optional
observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
// Represents the latest available observations of a replica set's current state.
// +optional
// +patchMergeKey=type
// +patchStrategy=merge
conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep)
}
#ReplicaSetConditionType: string // #enumReplicaSetConditionType
#enumReplicaSetConditionType:
#ReplicaSetReplicaFailure
// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created
// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted
// due to kubelet being down or finalizers are failing.
#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure"
// ReplicaSetCondition describes the state of a replica set at a certain point.
#ReplicaSetCondition: {
// Type of replica set condition.
type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType)
// Status of the condition, one of True, False, Unknown.
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
// The last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// The reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// A human readable message indicating details about the transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// ControllerRevision implements an immutable snapshot of state data. Clients
// are responsible for serializing and deserializing the objects that contain
// their internal state.
// Once a ControllerRevision has been successfully created, it can not be updated.
// The API Server will fail validation of all requests that attempt to mutate
// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both
// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However,
// it may be subject to name and representation changes in future releases, and clients should not
// depend on its stability. It is primarily for internal use by controllers.
#ControllerRevision: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Data is the serialized representation of the state.
data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt)
// Revision indicates the revision of the state represented by Data.
revision: int64 @go(Revision) @protobuf(3,varint,opt)
}
// ControllerRevisionList is a resource containing a list of ControllerRevision objects.
#ControllerRevisionList: {
metav1.#TypeMeta
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of ControllerRevisions
items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep)
}

7
cue/cue.mod/gen/k8s.io/api/autoscaling/v2beta2/register_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/autoscaling/v2beta2
package v2beta2
#GroupName: "autoscaling"

586
cue/cue.mod/gen/k8s.io/api/autoscaling/v2beta2/types_go_gen.cue
View File

@@ -1,586 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/autoscaling/v2beta2
package v2beta2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
)
// HorizontalPodAutoscaler is the configuration for a horizontal pod
// autoscaler, which automatically manages the replica count of any resource
// implementing the scale subresource based on the metrics specified.
#HorizontalPodAutoscaler: {
metav1.#TypeMeta
// metadata is the standard object metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec is the specification for the behaviour of the autoscaler.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
// +optional
spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt)
// status is the current information about the autoscaler.
// +optional
status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt)
}
// HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler.
#HorizontalPodAutoscalerSpec: {
// scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics
// should be collected, as well as to actually change the replica count.
scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt)
// minReplicas is the lower limit for the number of replicas to which the autoscaler
// can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the
// alpha feature gate HPAScaleToZero is enabled and at least one Object or External
// metric is configured. Scaling is active as long as at least one metric value is
// available.
// +optional
minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt)
// maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up.
// It cannot be less that minReplicas.
maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt)
// metrics contains the specifications for which to use to calculate the
// desired replica count (the maximum replica count across all metrics will
// be used). The desired replica count is calculated multiplying the
// ratio between the target value and the current value by the current
// number of pods. Ergo, metrics used must decrease as the pod count is
// increased, and vice-versa. See the individual metric source types for
// more information about how each type of metric must respond.
// If not set, the default metric will be set to 80% average CPU utilization.
// +optional
metrics?: [...#MetricSpec] @go(Metrics,[]MetricSpec) @protobuf(4,bytes,rep)
// behavior configures the scaling behavior of the target
// in both Up and Down directions (scaleUp and scaleDown fields respectively).
// If not set, the default HPAScalingRules for scale up and scale down are used.
// +optional
behavior?: null | #HorizontalPodAutoscalerBehavior @go(Behavior,*HorizontalPodAutoscalerBehavior) @protobuf(5,bytes,opt)
}
// CrossVersionObjectReference contains enough information to let you identify the referred resource.
#CrossVersionObjectReference: {
// Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
kind: string @go(Kind) @protobuf(1,bytes,opt)
// Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names
name: string @go(Name) @protobuf(2,bytes,opt)
// API version of the referent
// +optional
apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt)
}
// MetricSpec specifies how to scale based on a single metric
// (only `type` and one other matching field should be set at once).
#MetricSpec: {
// type is the type of metric source. It should be one of "ContainerResource", "External",
// "Object", "Pods" or "Resource", each mapping to a matching field in the object.
// Note: "ContainerResource" type is available on when the feature-gate
// HPAContainerMetrics is enabled
type: #MetricSourceType @go(Type) @protobuf(1,bytes)
// object refers to a metric describing a single kubernetes object
// (for example, hits-per-second on an Ingress object).
// +optional
object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt)
// pods refers to a metric describing each pod in the current scale target
// (for example, transactions-processed-per-second). The values will be
// averaged together before being compared to the target value.
// +optional
pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt)
// resource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// +optional
resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt)
// container resource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing a single container in
// each pod of the current scale target (e.g. CPU or memory). Such metrics are
// built in to Kubernetes, and have special scaling options on top of those
// available to normal per-pod metrics using the "pods" source.
// This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
// +optional
containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt)
// external refers to a global metric that is not associated
// with any Kubernetes object. It allows autoscaling based on information
// coming from components running outside of cluster
// (for example length of queue in cloud messaging service, or
// QPS from loadbalancer running outside of cluster).
// +optional
external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt)
}
// HorizontalPodAutoscalerBehavior configures the scaling behavior of the target
// in both Up and Down directions (scaleUp and scaleDown fields respectively).
#HorizontalPodAutoscalerBehavior: {
// scaleUp is scaling policy for scaling Up.
// If not set, the default value is the higher of:
// * increase no more than 4 pods per 60 seconds
// * double the number of pods per 60 seconds
// No stabilization is used.
// +optional
scaleUp?: null | #HPAScalingRules @go(ScaleUp,*HPAScalingRules) @protobuf(1,bytes,opt)
// scaleDown is scaling policy for scaling Down.
// If not set, the default value is to allow to scale down to minReplicas pods, with a
// 300 second stabilization window (i.e., the highest recommendation for
// the last 300sec is used).
// +optional
scaleDown?: null | #HPAScalingRules @go(ScaleDown,*HPAScalingRules) @protobuf(2,bytes,opt)
}
// ScalingPolicySelect is used to specify which policy should be used while scaling in a certain direction
#ScalingPolicySelect: string // #enumScalingPolicySelect
#enumScalingPolicySelect:
#MaxPolicySelect |
#MinPolicySelect |
#DisabledPolicySelect
// MaxPolicySelect selects the policy with the highest possible change.
#MaxPolicySelect: #ScalingPolicySelect & "Max"
// MinPolicySelect selects the policy with the lowest possible change.
#MinPolicySelect: #ScalingPolicySelect & "Min"
// DisabledPolicySelect disables the scaling in this direction.
#DisabledPolicySelect: #ScalingPolicySelect & "Disabled"
// HPAScalingRules configures the scaling behavior for one direction.
// These Rules are applied after calculating DesiredReplicas from metrics for the HPA.
// They can limit the scaling velocity by specifying scaling policies.
// They can prevent flapping by specifying the stabilization window, so that the
// number of replicas is not set instantly, instead, the safest value from the stabilization
// window is chosen.
#HPAScalingRules: {
// StabilizationWindowSeconds is the number of seconds for which past recommendations should be
// considered while scaling up or scaling down.
// StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour).
// If not set, use the default values:
// - For scale up: 0 (i.e. no stabilization is done).
// - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
// +optional
stabilizationWindowSeconds?: null | int32 @go(StabilizationWindowSeconds,*int32) @protobuf(3,varint,opt)
// selectPolicy is used to specify which policy should be used.
// If not set, the default value MaxPolicySelect is used.
// +optional
selectPolicy?: null | #ScalingPolicySelect @go(SelectPolicy,*ScalingPolicySelect) @protobuf(1,bytes,opt)
// policies is a list of potential scaling polices which can be used during scaling.
// At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
// +optional
policies?: [...#HPAScalingPolicy] @go(Policies,[]HPAScalingPolicy) @protobuf(2,bytes,rep)
}
// HPAScalingPolicyType is the type of the policy which could be used while making scaling decisions.
#HPAScalingPolicyType: string // #enumHPAScalingPolicyType
#enumHPAScalingPolicyType:
#PodsScalingPolicy |
#PercentScalingPolicy
// PodsScalingPolicy is a policy used to specify a change in absolute number of pods.
#PodsScalingPolicy: #HPAScalingPolicyType & "Pods"
// PercentScalingPolicy is a policy used to specify a relative amount of change with respect to
// the current number of pods.
#PercentScalingPolicy: #HPAScalingPolicyType & "Percent"
// HPAScalingPolicy is a single policy which must hold true for a specified past interval.
#HPAScalingPolicy: {
// Type is used to specify the scaling policy.
type: #HPAScalingPolicyType @go(Type) @protobuf(1,bytes,opt,casttype=HPAScalingPolicyType)
// Value contains the amount of change which is permitted by the policy.
// It must be greater than zero
value: int32 @go(Value) @protobuf(2,varint,opt)
// PeriodSeconds specifies the window of time for which the policy should hold true.
// PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
periodSeconds: int32 @go(PeriodSeconds) @protobuf(3,varint,opt)
}
// MetricSourceType indicates the type of metric.
#MetricSourceType: string // #enumMetricSourceType
#enumMetricSourceType:
#ObjectMetricSourceType |
#PodsMetricSourceType |
#ResourceMetricSourceType |
#ContainerResourceMetricSourceType |
#ExternalMetricSourceType
// ObjectMetricSourceType is a metric describing a kubernetes object
// (for example, hits-per-second on an Ingress object).
#ObjectMetricSourceType: #MetricSourceType & "Object"
// PodsMetricSourceType is a metric describing each pod in the current scale
// target (for example, transactions-processed-per-second). The values
// will be averaged together before being compared to the target value.
#PodsMetricSourceType: #MetricSourceType & "Pods"
// ResourceMetricSourceType is a resource metric known to Kubernetes, as
// specified in requests and limits, describing each pod in the current
// scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics (the "pods" source).
#ResourceMetricSourceType: #MetricSourceType & "Resource"
// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as
// specified in requests and limits, describing a single container in each pod in the current
// scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics (the "pods" source).
#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource"
// ExternalMetricSourceType is a global metric that is not associated
// with any Kubernetes object. It allows autoscaling based on information
// coming from components running outside of cluster
// (for example length of queue in cloud messaging service, or
// QPS from loadbalancer running outside of cluster).
#ExternalMetricSourceType: #MetricSourceType & "External"
// ObjectMetricSource indicates how to scale on a metric describing a
// kubernetes object (for example, hits-per-second on an Ingress object).
#ObjectMetricSource: {
describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(3,bytes)
}
// PodsMetricSource indicates how to scale on a metric describing each pod in
// the current scale target (for example, transactions-processed-per-second).
// The values will be averaged together before being compared to the target
// value.
#PodsMetricSource: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
}
// ResourceMetricSource indicates how to scale on a resource metric known to
// Kubernetes, as specified in requests and limits, describing each pod in the
// current scale target (e.g. CPU or memory). The values will be averaged
// together before being compared to the target. Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source. Only one "target" type
// should be set.
#ResourceMetricSource: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
}
// ContainerResourceMetricSource indicates how to scale on a resource metric known to
// Kubernetes, as specified in requests and limits, describing each pod in the
// current scale target (e.g. CPU or memory). The values will be averaged
// together before being compared to the target. Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source. Only one "target" type
// should be set.
#ContainerResourceMetricSource: {
// name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
// container is the name of the container in the pods of the scaling target
container: string @go(Container) @protobuf(3,bytes,opt)
}
// ExternalMetricSource indicates how to scale on a metric not associated with
// any Kubernetes object (for example length of queue in cloud
// messaging service, or QPS from loadbalancer running outside of cluster).
#ExternalMetricSource: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// target specifies the target value for the given metric
target: #MetricTarget @go(Target) @protobuf(2,bytes)
}
// MetricIdentifier defines the name and optionally selector for a metric
#MetricIdentifier: {
// name is the name of the given metric
name: string @go(Name) @protobuf(1,bytes)
// selector is the string-encoded form of a standard kubernetes label selector for the given metric
// When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
// When unset, just the metricName will be used to gather metrics.
// +optional
selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes)
}
// MetricTarget defines the target value, average value, or average utilization of a specific metric
#MetricTarget: {
// type represents whether the metric type is Utilization, Value, or AverageValue
type: #MetricTargetType @go(Type) @protobuf(1,bytes)
// value is the target value of the metric (as a quantity).
// +optional
value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(2,bytes,opt)
// averageValue is the target value of the average of the
// metric across all relevant pods (as a quantity)
// +optional
averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(3,bytes,opt)
// averageUtilization is the target value of the average of the
// resource metric across all relevant pods, represented as a percentage of
// the requested value of the resource for the pods.
// Currently only valid for Resource metric source type
// +optional
averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(4,bytes,opt)
}
// MetricTargetType specifies the type of metric being targeted, and should be either
// "Value", "AverageValue", or "Utilization"
#MetricTargetType: string // #enumMetricTargetType
#enumMetricTargetType:
#UtilizationMetricType |
#ValueMetricType |
#AverageValueMetricType
// UtilizationMetricType declares a MetricTarget is an AverageUtilization value
#UtilizationMetricType: #MetricTargetType & "Utilization"
// ValueMetricType declares a MetricTarget is a raw value
#ValueMetricType: #MetricTargetType & "Value"
// AverageValueMetricType declares a MetricTarget is an
#AverageValueMetricType: #MetricTargetType & "AverageValue"
// HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler.
#HorizontalPodAutoscalerStatus: {
// observedGeneration is the most recent generation observed by this autoscaler.
// +optional
observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt)
// lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods,
// used by the autoscaler to control how often the number of pods is changed.
// +optional
lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt)
// currentReplicas is current number of replicas of pods managed by this autoscaler,
// as last seen by the autoscaler.
currentReplicas: int32 @go(CurrentReplicas) @protobuf(3,varint,opt)
// desiredReplicas is the desired number of replicas of pods managed by this autoscaler,
// as last calculated by the autoscaler.
desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt)
// currentMetrics is the last read state of the metrics used by this autoscaler.
// +optional
currentMetrics: [...#MetricStatus] @go(CurrentMetrics,[]MetricStatus) @protobuf(5,bytes,rep)
// conditions is the set of conditions required for this autoscaler to scale its target,
// and indicates whether or not those conditions are met.
// +optional
conditions: [...#HorizontalPodAutoscalerCondition] @go(Conditions,[]HorizontalPodAutoscalerCondition) @protobuf(6,bytes,rep)
}
// HorizontalPodAutoscalerConditionType are the valid conditions of
// a HorizontalPodAutoscaler.
#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType
#enumHorizontalPodAutoscalerConditionType:
#ScalingActive |
#AbleToScale |
#ScalingLimited
// ScalingActive indicates that the HPA controller is able to scale if necessary:
// it's correctly configured, can fetch the desired metrics, and isn't disabled.
#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive"
// AbleToScale indicates a lack of transient issues which prevent scaling from occurring,
// such as being in a backoff window, or being unable to access/update the target scale.
#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale"
// ScalingLimited indicates that the calculated scale based on metrics would be above or
// below the range for the HPA, and has thus been capped.
#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited"
// HorizontalPodAutoscalerCondition describes the state of
// a HorizontalPodAutoscaler at a certain point.
#HorizontalPodAutoscalerCondition: {
// type describes the current condition
type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes)
// status is the status of the condition (True, False, Unknown)
status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes)
// lastTransitionTime is the last time the condition transitioned from
// one status to another
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// reason is the reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// message is a human-readable explanation containing details about
// the transition
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// MetricStatus describes the last-read state of a single metric.
#MetricStatus: {
// type is the type of metric source. It will be one of "ContainerResource", "External",
// "Object", "Pods" or "Resource", each corresponds to a matching field in the object.
// Note: "ContainerResource" type is available on when the feature-gate
// HPAContainerMetrics is enabled
type: #MetricSourceType @go(Type) @protobuf(1,bytes)
// object refers to a metric describing a single kubernetes object
// (for example, hits-per-second on an Ingress object).
// +optional
object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt)
// pods refers to a metric describing each pod in the current scale target
// (for example, transactions-processed-per-second). The values will be
// averaged together before being compared to the target value.
// +optional
pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt)
// resource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// +optional
resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt)
// container resource refers to a resource metric (such as those specified in
// requests and limits) known to Kubernetes describing a single container in each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available
// to normal per-pod metrics using the "pods" source.
// +optional
containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt)
// external refers to a global metric that is not associated
// with any Kubernetes object. It allows autoscaling based on information
// coming from components running outside of cluster
// (for example length of queue in cloud messaging service, or
// QPS from loadbalancer running outside of cluster).
// +optional
external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt)
}
// ObjectMetricStatus indicates the current value of a metric describing a
// kubernetes object (for example, hits-per-second on an Ingress object).
#ObjectMetricStatus: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(3,bytes)
}
// PodsMetricStatus indicates the current value of a metric describing each pod in
// the current scale target (for example, transactions-processed-per-second).
#PodsMetricStatus: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
}
// ResourceMetricStatus indicates the current value of a resource metric known to
// Kubernetes, as specified in requests and limits, describing each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source.
#ResourceMetricStatus: {
// Name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
}
// ContainerResourceMetricStatus indicates the current value of a resource metric known to
// Kubernetes, as specified in requests and limits, describing a single container in each pod in the
// current scale target (e.g. CPU or memory). Such metrics are built in to
// Kubernetes, and have special scaling options on top of those available to
// normal per-pod metrics using the "pods" source.
#ContainerResourceMetricStatus: {
// Name is the name of the resource in question.
name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
// Container is the name of the container in the pods of the scaling target
container: string @go(Container) @protobuf(3,bytes,opt)
}
// ExternalMetricStatus indicates the current value of a global metric
// not associated with any Kubernetes object.
#ExternalMetricStatus: {
// metric identifies the target metric by name and selector
metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
// current contains the current value for the given metric
current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
}
// MetricValueStatus holds the current value for a metric
#MetricValueStatus: {
// value is the current value of the metric (as a quantity).
// +optional
value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(1,bytes,opt)
// averageValue is the current value of the average of the
// metric across all relevant pods (as a quantity)
// +optional
averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(2,bytes,opt)
// currentAverageUtilization is the current value of the average of the
// resource metric across all relevant pods, represented as a percentage of
// the requested value of the resource for the pods.
// +optional
averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(3,bytes,opt)
}
// HorizontalPodAutoscalerList is a list of horizontal pod autoscaler objects.
#HorizontalPodAutoscalerList: {
metav1.#TypeMeta
// metadata is the standard list metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items is the list of horizontal pod autoscaler objects.
items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep)
}

136
cue/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
View File

@@ -1,136 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
package v1
// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy
// webhook backend fails.
#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open"
// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods
#MirrorPodAnnotationKey: "kubernetes.io/config.mirror"
// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
// in the Annotations of a Pod.
#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations"
// TaintsAnnotationKey represents the key of taints data (json serialized)
// in the Annotations of a Node.
#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints"
// SeccompPodAnnotationKey represents the key of a seccomp profile applied
// to all containers of a pod.
// Deprecated: set a pod security context `seccompProfile` field.
#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod"
// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
// to one container of a pod.
// Deprecated: set a container security context `seccompProfile` field.
#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/"
// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
#SeccompProfileRuntimeDefault: "runtime/default"
// SeccompProfileNameUnconfined is the unconfined seccomp profile.
#SeccompProfileNameUnconfined: "unconfined"
// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk.
#SeccompLocalhostProfileNamePrefix: "localhost/"
// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/"
// AppArmorBetaDefaultProfileAnnotatoinKey is the annotation key specifying the default AppArmor profile.
#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName"
// AppArmorBetaAllowedProfileAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames"
// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
#AppArmorBetaProfileRuntimeDefault: "runtime/default"
// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node.
#AppArmorBetaProfileNamePrefix: "localhost/"
// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile
#AppArmorBetaProfileNameUnconfined: "unconfined"
// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
#DeprecatedSeccompProfileDockerDefault: "docker/default"
// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
// in the Annotations of a Node.
#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods"
// ObjectTTLAnnotations represents a suggestion for kubelet for how long it can cache
// an object (e.g. secret, config map) before fetching it again from apiserver.
// This annotation can be attached to node.
#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl"
// annotation key prefix used to identify non-convertible json paths.
#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io"
_#kubectlPrefix: "kubectl.kubernetes.io/"
// LastAppliedConfigAnnotation is the annotation used to store the previous
// configuration of a resource for use in a three way diff by UpdateApplyAnnotation.
#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration"
// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers
//
// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to
// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow
// access only from the CIDRs currently allocated to MIT & the USPS.
//
// Not all cloud providers support this annotation, though AWS & GCE do.
#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges"
// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that
// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z')
// of the last change, of some Pod or Service object, that triggered the endpoints object change.
// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints
// controller at T1, and the Endpoints object was changed at T2, the
// EndpointsLastChangeTriggerTime would be set to T0.
//
// The "endpoints change trigger" here means any Pod or Service change that resulted in the
// Endpoints object change.
//
// Given the definition of the "endpoints change trigger", please note that this annotation will
// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the
// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's
// already set).
//
// This annotation will be used to compute the in-cluster network programming latency SLI, see
// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md
#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time"
// EndpointsOverCapacity will be set on an Endpoints resource when it
// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints
// controller will set this annotation with a value of "warning". In a
// future release, the controller may set this annotation with a value of
// "truncated" to indicate that any addresses exceeding the limit of 1000
// have been truncated from the Endpoints resource.
#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity"
// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated
// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode.
// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or
// CSI Backend for a volume plugin on a specific node.
#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins"
// PodDeletionCost can be used to set to an int32 that represent the cost of deleting
// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower
// deletion cost are preferred to be deleted before pods with higher deletion cost.
// Note that this is honored on a best-effort basis, and so it does not offer guarantees on
// pod deletion order.
// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted.
//
// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled.
#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost"
// AnnotationTopologyAwareHints can be used to enable or disable Topology
// Aware Hints for a Service. This may be set to "Auto" or "Disabled". Any
// other value is treated as "Disabled".
#AnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints"

6
cue/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
View File

@@ -1,6 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
// Package v1 is the v1 version of the core API.
package v1

7
cue/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
package v1
#GroupName: ""

7068
cue/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
View File

File diff suppressed because it is too large Load Diff

55
cue/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
View File

@@ -1,55 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
package v1
#LabelHostname: "kubernetes.io/hostname"
#LabelTopologyZone: "topology.kubernetes.io/zone"
#LabelTopologyRegion: "topology.kubernetes.io/region"
// These label have been deprecated since 1.17, but will be supported for
// the foreseeable future, to accommodate things like long-lived PVs that
// use them. New users should prefer the "topology.kubernetes.io/*"
// equivalents.
#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone"
#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region"
// Retained for compat when vendored. Do not use these consts in new code.
#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone"
#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region"
#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone"
#LabelZoneRegionStable: "topology.kubernetes.io/region"
#LabelInstanceType: "beta.kubernetes.io/instance-type"
#LabelInstanceTypeStable: "node.kubernetes.io/instance-type"
#LabelOSStable: "kubernetes.io/os"
#LabelArchStable: "kubernetes.io/arch"
// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0.
// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763)
#LabelWindowsBuild: "node.kubernetes.io/windows-build"
// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*)
#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io"
// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*)
#LabelNamespaceSuffixNode: "node.kubernetes.io"
// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled
#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io"
// IsHeadlessService is added by Controller to an Endpoint denoting if its parent
// Service is Headless. The existence of this label can be used further by other
// controllers and kube-proxy to check if the Endpoint objects should be replicated when
// using Headless Services
#IsHeadlessService: "service.kubernetes.io/headless"
// LabelNodeExcludeBalancers specifies that the node should not be considered as a target
// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only
// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that
// any backends on excluded nodes are not reachable by those external load-balancers.
// Implementations of this exclusion may vary based on provider.
#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers"
// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels
#LabelMetadataName: "kubernetes.io/metadata.name"

34
cue/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
View File

@@ -1,34 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/core/v1
package v1
// TaintNodeNotReady will be added when node is not ready
// and removed when node becomes ready.
#TaintNodeNotReady: "node.kubernetes.io/not-ready"
// TaintNodeUnreachable will be added when node becomes unreachable
// (corresponding to NodeReady status ConditionUnknown)
// and removed when node becomes reachable (NodeReady status ConditionTrue).
#TaintNodeUnreachable: "node.kubernetes.io/unreachable"
// TaintNodeUnschedulable will be added when node becomes unschedulable
// and removed when node becomes schedulable.
#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable"
// TaintNodeMemoryPressure will be added when node has memory pressure
// and removed when node has enough memory.
#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure"
// TaintNodeDiskPressure will be added when node has disk pressure
// and removed when node has enough disk.
#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure"
// TaintNodeNetworkUnavailable will be added when node's network is unavailable
// and removed when network becomes ready.
#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable"
// TaintNodePIDPressure will be added when node has pid pressure
// and removed when node has enough pid.
#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure"

7
cue/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/networking/v1
package v1
#GroupName: "networking.k8s.io"

543
cue/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue
View File

@@ -1,543 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/networking/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/intstr"
)
// NetworkPolicy describes what network traffic is allowed for a set of Pods
#NetworkPolicy: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Specification of the desired behavior for this NetworkPolicy.
// +optional
spec?: #NetworkPolicySpec @go(Spec) @protobuf(2,bytes,opt)
}
// PolicyType string describes the NetworkPolicy type
// This type is beta-level in 1.8
// +enum
#PolicyType: string // #enumPolicyType
#enumPolicyType:
#PolicyTypeIngress |
#PolicyTypeEgress
// PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods
#PolicyTypeIngress: #PolicyType & "Ingress"
// PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods
#PolicyTypeEgress: #PolicyType & "Egress"
// NetworkPolicySpec provides the specification of a NetworkPolicy
#NetworkPolicySpec: {
// Selects the pods to which this NetworkPolicy object applies. The array of
// ingress rules is applied to any pods selected by this field. Multiple network
// policies can select the same set of pods. In this case, the ingress rules for
// each are combined additively. This field is NOT optional and follows standard
// label selector semantics. An empty podSelector matches all pods in this
// namespace.
podSelector: metav1.#LabelSelector @go(PodSelector) @protobuf(1,bytes,opt)
// List of ingress rules to be applied to the selected pods. Traffic is allowed to
// a pod if there are no NetworkPolicies selecting the pod
// (and cluster policy otherwise allows the traffic), OR if the traffic source is
// the pod's local node, OR if the traffic matches at least one ingress rule
// across all of the NetworkPolicy objects whose podSelector matches the pod. If
// this field is empty then this NetworkPolicy does not allow any traffic (and serves
// solely to ensure that the pods it selects are isolated by default)
// +optional
ingress?: [...#NetworkPolicyIngressRule] @go(Ingress,[]NetworkPolicyIngressRule) @protobuf(2,bytes,rep)
// List of egress rules to be applied to the selected pods. Outgoing traffic is
// allowed if there are no NetworkPolicies selecting the pod (and cluster policy
// otherwise allows the traffic), OR if the traffic matches at least one egress rule
// across all of the NetworkPolicy objects whose podSelector matches the pod. If
// this field is empty then this NetworkPolicy limits all outgoing traffic (and serves
// solely to ensure that the pods it selects are isolated by default).
// This field is beta-level in 1.8
// +optional
egress?: [...#NetworkPolicyEgressRule] @go(Egress,[]NetworkPolicyEgressRule) @protobuf(3,bytes,rep)
// List of rule types that the NetworkPolicy relates to.
// Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"].
// If this field is not specified, it will default based on the existence of Ingress or Egress rules;
// policies that contain an Egress section are assumed to affect Egress, and all policies
// (whether or not they contain an Ingress section) are assumed to affect Ingress.
// If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].
// Likewise, if you want to write a policy that specifies that no egress is allowed,
// you must specify a policyTypes value that include "Egress" (since such a policy would not include
// an Egress section and would otherwise default to just [ "Ingress" ]).
// This field is beta-level in 1.8
// +optional
policyTypes?: [...#PolicyType] @go(PolicyTypes,[]PolicyType) @protobuf(4,bytes,rep,casttype=PolicyType)
}
// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
#NetworkPolicyIngressRule: {
// List of ports which should be made accessible on the pods selected for this
// rule. Each item in this list is combined using a logical OR. If this field is
// empty or missing, this rule matches all ports (traffic not restricted by port).
// If this field is present and contains at least one item, then this rule allows
// traffic only if the traffic matches at least one port in the list.
// +optional
ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep)
// List of sources which should be able to access the pods selected for this rule.
// Items in this list are combined using a logical OR operation. If this field is
// empty or missing, this rule matches all sources (traffic not restricted by
// source). If this field is present and contains at least one item, this rule
// allows traffic only if the traffic matches at least one item in the from list.
// +optional
from?: [...#NetworkPolicyPeer] @go(From,[]NetworkPolicyPeer) @protobuf(2,bytes,rep)
}
// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to.
// This type is beta-level in 1.8
#NetworkPolicyEgressRule: {
// List of destination ports for outgoing traffic.
// Each item in this list is combined using a logical OR. If this field is
// empty or missing, this rule matches all ports (traffic not restricted by port).
// If this field is present and contains at least one item, then this rule allows
// traffic only if the traffic matches at least one port in the list.
// +optional
ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep)
// List of destinations for outgoing traffic of pods selected for this rule.
// Items in this list are combined using a logical OR operation. If this field is
// empty or missing, this rule matches all destinations (traffic not restricted by
// destination). If this field is present and contains at least one item, this rule
// allows traffic only if the traffic matches at least one item in the to list.
// +optional
to?: [...#NetworkPolicyPeer] @go(To,[]NetworkPolicyPeer) @protobuf(2,bytes,rep)
}
// NetworkPolicyPort describes a port to allow traffic on
#NetworkPolicyPort: {
// The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this
// field defaults to TCP.
// +optional
protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.Protocol)
// The port on the given protocol. This can either be a numerical or named
// port on a pod. If this field is not provided, this matches all port names and
// numbers.
// If present, only traffic on the specified protocol AND port will be matched.
// +optional
port?: null | intstr.#IntOrString @go(Port,*intstr.IntOrString) @protobuf(2,bytes,opt)
// If set, indicates that the range of ports from port to endPort, inclusive,
// should be allowed by the policy. This field cannot be defined if the port field
// is not defined or if the port field is defined as a named (string) port.
// The endPort must be equal or greater than port.
// This feature is in Beta state and is enabled by default.
// It can be disabled using the Feature Gate "NetworkPolicyEndPort".
// +optional
endPort?: null | int32 @go(EndPort,*int32) @protobuf(3,bytes,opt)
}
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64") that is allowed
// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs
// that should not be included within this rule.
#IPBlock: {
// CIDR is a string representing the IP Block
// Valid examples are "192.168.1.1/24" or "2001:db9::/64"
cidr: string @go(CIDR) @protobuf(1,bytes)
// Except is a slice of CIDRs that should not be included within an IP Block
// Valid examples are "192.168.1.1/24" or "2001:db9::/64"
// Except values will be rejected if they are outside the CIDR range
// +optional
except?: [...string] @go(Except,[]string) @protobuf(2,bytes,rep)
}
// NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of
// fields are allowed
#NetworkPolicyPeer: {
// This is a label selector which selects Pods. This field follows standard label
// selector semantics; if present but empty, it selects all pods.
//
// If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
// +optional
podSelector?: null | metav1.#LabelSelector @go(PodSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
// Selects Namespaces using cluster-scoped labels. This field follows standard label
// selector semantics; if present but empty, it selects all namespaces.
//
// If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
// the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
// Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
// +optional
namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
// IPBlock defines policy on a particular IPBlock. If this field is set then
// neither of the other fields can be.
// +optional
ipBlock?: null | #IPBlock @go(IPBlock,*IPBlock) @protobuf(3,bytes,rep)
}
// NetworkPolicyList is a list of NetworkPolicy objects.
#NetworkPolicyList: {
metav1.#TypeMeta
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is a list of schema objects.
items: [...#NetworkPolicy] @go(Items,[]NetworkPolicy) @protobuf(2,bytes,rep)
}
// Ingress is a collection of rules that allow inbound connections to reach the
// endpoints defined by a backend. An Ingress can be configured to give services
// externally-reachable urls, load balance traffic, terminate SSL, offer name
// based virtual hosting etc.
#Ingress: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec is the desired state of the Ingress.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #IngressSpec @go(Spec) @protobuf(2,bytes,opt)
// Status is the current state of the Ingress.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
status?: #IngressStatus @go(Status) @protobuf(3,bytes,opt)
}
// IngressList is a collection of Ingress.
#IngressList: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of Ingress.
items: [...#Ingress] @go(Items,[]Ingress) @protobuf(2,bytes,rep)
}
// IngressSpec describes the Ingress the user wishes to exist.
#IngressSpec: {
// IngressClassName is the name of the IngressClass cluster resource. The
// associated IngressClass defines which controller will implement the
// resource. This replaces the deprecated `kubernetes.io/ingress.class`
// annotation. For backwards compatibility, when that annotation is set, it
// must be given precedence over this field. The controller may emit a
// warning if the field and annotation have different values.
// Implementations of this API should ignore Ingresses without a class
// specified. An IngressClass resource may be marked as default, which can
// be used to set a default value for this field. For more information,
// refer to the IngressClass documentation.
// +optional
ingressClassName?: null | string @go(IngressClassName,*string) @protobuf(4,bytes,opt)
// DefaultBackend is the backend that should handle requests that don't
// match any rule. If Rules are not specified, DefaultBackend must be specified.
// If DefaultBackend is not set, the handling of requests that do not match any
// of the rules will be up to the Ingress controller.
// +optional
defaultBackend?: null | #IngressBackend @go(DefaultBackend,*IngressBackend) @protobuf(1,bytes,opt)
// TLS configuration. Currently the Ingress only supports a single TLS
// port, 443. If multiple members of this list specify different hosts, they
// will be multiplexed on the same port according to the hostname specified
// through the SNI TLS extension, if the ingress controller fulfilling the
// ingress supports SNI.
// +listType=atomic
// +optional
tls?: [...#IngressTLS] @go(TLS,[]IngressTLS) @protobuf(2,bytes,rep)
// A list of host rules used to configure the Ingress. If unspecified, or
// no rule matches, all traffic is sent to the default backend.
// +listType=atomic
// +optional
rules?: [...#IngressRule] @go(Rules,[]IngressRule) @protobuf(3,bytes,rep)
}
// IngressTLS describes the transport layer security associated with an Ingress.
#IngressTLS: {
// Hosts are a list of hosts included in the TLS certificate. The values in
// this list must match the name/s used in the tlsSecret. Defaults to the
// wildcard host setting for the loadbalancer controller fulfilling this
// Ingress, if left unspecified.
// +listType=atomic
// +optional
hosts?: [...string] @go(Hosts,[]string) @protobuf(1,bytes,rep)
// SecretName is the name of the secret used to terminate TLS traffic on
// port 443. Field is left optional to allow TLS routing based on SNI
// hostname alone. If the SNI host in a listener conflicts with the "Host"
// header field used by an IngressRule, the SNI host is used for termination
// and value of the Host header is used for routing.
// +optional
secretName?: string @go(SecretName) @protobuf(2,bytes,opt)
}
// IngressStatus describe the current state of the Ingress.
#IngressStatus: {
// LoadBalancer contains the current status of the load-balancer.
// +optional
loadBalancer?: v1.#LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt)
}
// IngressRule represents the rules mapping the paths under a specified host to
// the related backend services. Incoming requests are first evaluated for a host
// match, then routed to the backend associated with the matching IngressRuleValue.
#IngressRule: {
// Host is the fully qualified domain name of a network host, as defined by RFC 3986.
// Note the following deviations from the "host" part of the
// URI as defined in RFC 3986:
// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to
// the IP in the Spec of the parent Ingress.
// 2. The `:` delimiter is not respected because ports are not allowed.
// Currently the port of an Ingress is implicitly :80 for http and
// :443 for https.
// Both these may change in the future.
// Incoming requests are matched against the host before the
// IngressRuleValue. If the host is unspecified, the Ingress routes all
// traffic based on the specified IngressRuleValue.
//
// Host can be "precise" which is a domain name without the terminating dot of
// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name
// prefixed with a single wildcard label (e.g. "*.foo.com").
// The wildcard character '*' must appear by itself as the first DNS label and
// matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*").
// Requests will be matched against the Host field in the following way:
// 1. If Host is precise, the request matches this rule if the http host header is equal to Host.
// 2. If Host is a wildcard, then the request matches this rule if the http host header
// is to equal to the suffix (removing the first label) of the wildcard rule.
// +optional
host?: string @go(Host) @protobuf(1,bytes,opt)
#IngressRuleValue
}
// IngressRuleValue represents a rule to apply against incoming requests. If the
// rule is satisfied, the request is routed to the specified backend. Currently
// mixing different types of rules in a single Ingress is disallowed, so exactly
// one of the following must be set.
#IngressRuleValue: {
// +optional
http?: null | #HTTPIngressRuleValue @go(HTTP,*HTTPIngressRuleValue) @protobuf(1,bytes,opt)
}
// HTTPIngressRuleValue is a list of http selectors pointing to backends.
// In the example: http://<host>/<path>?<searchpart> -> backend where
// where parts of the url correspond to RFC 3986, this resource will be used
// to match against everything after the last '/' and before the first '?'
// or '#'.
#HTTPIngressRuleValue: {
// A collection of paths that map requests to backends.
// +listType=atomic
paths: [...#HTTPIngressPath] @go(Paths,[]HTTPIngressPath) @protobuf(1,bytes,rep)
}
// PathType represents the type of path referred to by a HTTPIngressPath.
// +enum
#PathType: string // #enumPathType
#enumPathType:
#PathTypeExact |
#PathTypePrefix |
#PathTypeImplementationSpecific
// PathTypeExact matches the URL path exactly and with case sensitivity.
#PathTypeExact: #PathType & "Exact"
// PathTypePrefix matches based on a URL path prefix split by '/'. Matching
// is case sensitive and done on a path element by element basis. A path
// element refers to the list of labels in the path split by the '/'
// separator. A request is a match for path p if every p is an element-wise
// prefix of p of the request path. Note that if the last element of the
// path is a substring of the last element in request path, it is not a
// match (e.g. /foo/bar matches /foo/bar/baz, but does not match
// /foo/barbaz). If multiple matching paths exist in an Ingress spec, the
// longest matching path is given priority.
// Examples:
// - /foo/bar does not match requests to /foo/barbaz
// - /foo/bar matches request to /foo/bar and /foo/bar/baz
// - /foo and /foo/ both match requests to /foo and /foo/. If both paths are
// present in an Ingress spec, the longest matching path (/foo/) is given
// priority.
#PathTypePrefix: #PathType & "Prefix"
// PathTypeImplementationSpecific matching is up to the IngressClass.
// Implementations can treat this as a separate PathType or treat it
// identically to Prefix or Exact path types.
#PathTypeImplementationSpecific: #PathType & "ImplementationSpecific"
// HTTPIngressPath associates a path with a backend. Incoming urls matching the
// path are forwarded to the backend.
#HTTPIngressPath: {
// Path is matched against the path of an incoming request. Currently it can
// contain characters disallowed from the conventional "path" part of a URL
// as defined by RFC 3986. Paths must begin with a '/' and must be present
// when using PathType with value "Exact" or "Prefix".
// +optional
path?: string @go(Path) @protobuf(1,bytes,opt)
// PathType determines the interpretation of the Path matching. PathType can
// be one of the following values:
// * Exact: Matches the URL path exactly.
// * Prefix: Matches based on a URL path prefix split by '/'. Matching is
// done on a path element by element basis. A path element refers is the
// list of labels in the path split by the '/' separator. A request is a
// match for path p if every p is an element-wise prefix of p of the
// request path. Note that if the last element of the path is a substring
// of the last element in request path, it is not a match (e.g. /foo/bar
// matches /foo/bar/baz, but does not match /foo/barbaz).
// * ImplementationSpecific: Interpretation of the Path matching is up to
// the IngressClass. Implementations can treat this as a separate PathType
// or treat it identically to Prefix or Exact path types.
// Implementations are required to support all path types.
pathType?: null | #PathType @go(PathType,*PathType) @protobuf(3,bytes,opt)
// Backend defines the referenced service endpoint to which the traffic
// will be forwarded to.
backend: #IngressBackend @go(Backend) @protobuf(2,bytes,opt)
}
// IngressBackend describes all endpoints for a given service and port.
#IngressBackend: {
// Service references a Service as a Backend.
// This is a mutually exclusive setting with "Resource".
// +optional
service?: null | #IngressServiceBackend @go(Service,*IngressServiceBackend) @protobuf(4,bytes,opt)
// Resource is an ObjectRef to another Kubernetes resource in the namespace
// of the Ingress object. If resource is specified, a service.Name and
// service.Port must not be specified.
// This is a mutually exclusive setting with "Service".
// +optional
resource?: null | v1.#TypedLocalObjectReference @go(Resource,*v1.TypedLocalObjectReference) @protobuf(3,bytes,opt)
}
// IngressServiceBackend references a Kubernetes Service as a Backend.
#IngressServiceBackend: {
// Name is the referenced service. The service must exist in
// the same namespace as the Ingress object.
name: string @go(Name) @protobuf(1,bytes,opt)
// Port of the referenced service. A port name or port number
// is required for a IngressServiceBackend.
port?: #ServiceBackendPort @go(Port) @protobuf(2,bytes,opt)
}
// ServiceBackendPort is the service port being referenced.
#ServiceBackendPort: {
// Name is the name of the port on the Service.
// This is a mutually exclusive setting with "Number".
// +optional
name?: string @go(Name) @protobuf(1,bytes,opt)
// Number is the numerical port number (e.g. 80) on the Service.
// This is a mutually exclusive setting with "Name".
// +optional
number?: int32 @go(Number) @protobuf(2,bytes,opt)
}
// IngressClass represents the class of the Ingress, referenced by the Ingress
// Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be
// used to indicate that an IngressClass should be considered default. When a
// single IngressClass resource has this annotation set to true, new Ingress
// resources without a class specified will be assigned this default class.
#IngressClass: {
metav1.#TypeMeta
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// Spec is the desired state of the IngressClass.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +optional
spec?: #IngressClassSpec @go(Spec) @protobuf(2,bytes,opt)
}
// IngressClassSpec provides information about the class of an Ingress.
#IngressClassSpec: {
// Controller refers to the name of the controller that should handle this
// class. This allows for different "flavors" that are controlled by the
// same controller. For example, you may have different Parameters for the
// same implementing controller. This should be specified as a
// domain-prefixed path no more than 250 characters in length, e.g.
// "acme.io/ingress-controller". This field is immutable.
controller?: string @go(Controller) @protobuf(1,bytes,opt)
// Parameters is a link to a custom resource containing additional
// configuration for the controller. This is optional if the controller does
// not require extra parameters.
// +optional
parameters?: null | #IngressClassParametersReference @go(Parameters,*IngressClassParametersReference) @protobuf(2,bytes,opt)
}
// IngressClassParametersReferenceScopeNamespace indicates that the
// referenced Parameters resource is namespace-scoped.
#IngressClassParametersReferenceScopeNamespace: "Namespace"
// IngressClassParametersReferenceScopeNamespace indicates that the
// referenced Parameters resource is cluster-scoped.
#IngressClassParametersReferenceScopeCluster: "Cluster"
// IngressClassParametersReference identifies an API object. This can be used
// to specify a cluster or namespace-scoped resource.
#IngressClassParametersReference: {
// APIGroup is the group for the resource being referenced. If APIGroup is
// not specified, the specified Kind must be in the core API group. For any
// other third-party types, APIGroup is required.
// +optional
apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt,name=aPIGroup)
// Kind is the type of resource being referenced.
kind: string @go(Kind) @protobuf(2,bytes,opt)
// Name is the name of resource being referenced.
name: string @go(Name) @protobuf(3,bytes,opt)
// Scope represents if this refers to a cluster or namespace scoped resource.
// This may be set to "Cluster" (default) or "Namespace".
// +optional
scope?: null | string @go(Scope,*string) @protobuf(4,bytes,opt)
// Namespace is the namespace of the resource being referenced. This field is
// required when scope is set to "Namespace" and must be unset when scope is set to
// "Cluster".
// +optional
namespace?: null | string @go(Namespace,*string) @protobuf(5,bytes,opt)
}
// IngressClassList is a collection of IngressClasses.
#IngressClassList: {
metav1.#TypeMeta
// Standard list metadata.
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// Items is the list of IngressClasses.
items: [...#IngressClass] @go(Items,[]IngressClass) @protobuf(2,bytes,rep)
}

11
cue/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue
View File

@@ -1,11 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/api/networking/v1
package v1
// AnnotationIsDefaultIngressClass can be used to indicate that an
// IngressClass should be considered default. When a single IngressClass
// resource has this annotation set to true, new Ingress resources without a
// class specified will be assigned this default class.
#AnnotationIsDefaultIngressClass: "ingressclass.kubernetes.io/is-default-class"

6
cue/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue
View File

@@ -1,6 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
// Package v1 is the v1 version of the API.
package v1

7
cue/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
package v1
#GroupName: "apiextensions.k8s.io"

513
cue/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue
View File

@@ -1,513 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/runtime"
)
// ConversionStrategyType describes different conversion types.
#ConversionStrategyType: string // #enumConversionStrategyType
#enumConversionStrategyType:
#NoneConverter |
#WebhookConverter
// KubeAPIApprovedAnnotation is an annotation that must be set to create a CRD for the k8s.io, *.k8s.io, kubernetes.io, or *.kubernetes.io namespaces.
// The value should be a link to a URL where the current spec was approved, so updates to the spec should also update the URL.
// If the API is unapproved, you may set the annotation to a string starting with `"unapproved"`. For instance, `"unapproved, temporarily squatting"` or `"unapproved, experimental-only"`. This is discouraged.
#KubeAPIApprovedAnnotation: "api-approved.kubernetes.io"
// NoneConverter is a converter that only sets apiversion of the CR and leave everything else unchanged.
#NoneConverter: #ConversionStrategyType & "None"
// WebhookConverter is a converter that calls to an external webhook to convert the CR.
#WebhookConverter: #ConversionStrategyType & "Webhook"
// CustomResourceDefinitionSpec describes how a user wants their resource to appear
#CustomResourceDefinitionSpec: {
// group is the API group of the defined custom resource.
// The custom resources are served under `/apis/<group>/...`.
// Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`).
group: string @go(Group) @protobuf(1,bytes,opt)
// names specify the resource and kind names for the custom resource.
names: #CustomResourceDefinitionNames @go(Names) @protobuf(3,bytes,opt)
// scope indicates whether the defined custom resource is cluster- or namespace-scoped.
// Allowed values are `Cluster` and `Namespaced`.
scope: #ResourceScope @go(Scope) @protobuf(4,bytes,opt,casttype=ResourceScope)
// versions is the list of all API versions of the defined custom resource.
// Version names are used to compute the order in which served versions are listed in API discovery.
// If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered
// lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version),
// then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first
// by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing
// major version, then minor version. An example sorted list of versions:
// v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
versions: [...#CustomResourceDefinitionVersion] @go(Versions,[]CustomResourceDefinitionVersion) @protobuf(7,bytes,rep)
// conversion defines conversion settings for the CRD.
// +optional
conversion?: null | #CustomResourceConversion @go(Conversion,*CustomResourceConversion) @protobuf(9,bytes,opt)
// preserveUnknownFields indicates that object fields which are not specified
// in the OpenAPI schema should be preserved when persisting to storage.
// apiVersion, kind, metadata and known fields inside metadata are always preserved.
// This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`.
// See https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#pruning-versus-preserving-unknown-fields for details.
// +optional
preserveUnknownFields?: bool @go(PreserveUnknownFields) @protobuf(10,varint,opt)
}
// CustomResourceConversion describes how to convert different versions of a CR.
#CustomResourceConversion: {
// strategy specifies how custom resources are converted between versions. Allowed values are:
// - `None`: The converter only change the apiVersion and would not touch any other field in the custom resource.
// - `Webhook`: API Server will call to an external webhook to do the conversion. Additional information
// is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set.
strategy: #ConversionStrategyType @go(Strategy) @protobuf(1,bytes)
// webhook describes how to call the conversion webhook. Required when `strategy` is set to `Webhook`.
// +optional
webhook?: null | #WebhookConversion @go(Webhook,*WebhookConversion) @protobuf(2,bytes,opt)
}
// WebhookConversion describes how to call a conversion webhook
#WebhookConversion: {
// clientConfig is the instructions for how to call the webhook if strategy is `Webhook`.
// +optional
clientConfig?: null | #WebhookClientConfig @go(ClientConfig,*WebhookClientConfig) @protobuf(2,bytes)
// conversionReviewVersions is an ordered list of preferred `ConversionReview`
// versions the Webhook expects. The API server will use the first version in
// the list which it supports. If none of the versions specified in this list
// are supported by API server, conversion will fail for the custom resource.
// If a persisted Webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail.
conversionReviewVersions: [...string] @go(ConversionReviewVersions,[]string) @protobuf(3,bytes,rep)
}
// WebhookClientConfig contains the information to make a TLS connection with the webhook.
#WebhookClientConfig: {
// url gives the location of the webhook, in standard URL form
// (`scheme://host:port/path`). Exactly one of `url` or `service`
// must be specified.
//
// The `host` should not refer to a service running in the cluster; use
// the `service` field instead. The host might be resolved via external
// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
// in-cluster DNS as that would be a layering violation). `host` may
// also be an IP address.
//
// Please note that using `localhost` or `127.0.0.1` as a `host` is
// risky unless you take great care to run this webhook on all hosts
// which run an apiserver which might need to make calls to this
// webhook. Such installs are likely to be non-portable, i.e., not easy
// to turn up in a new cluster.
//
// The scheme must be "https"; the URL must begin with "https://".
//
// A path is optional, and if present may be any string permissible in
// a URL. You may use the path to pass an arbitrary string to the
// webhook, for example, a cluster identifier.
//
// Attempting to use a user or basic auth e.g. "user:password@" is not
// allowed. Fragments ("#...") and query parameters ("?...") are not
// allowed, either.
//
// +optional
url?: null | string @go(URL,*string) @protobuf(3,bytes,opt)
// service is a reference to the service for this webhook. Either
// service or url must be specified.
//
// If the webhook is running within the cluster, then you should use `service`.
//
// +optional
service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt)
// caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt)
}
// ServiceReference holds a reference to Service.legacy.k8s.io
#ServiceReference: {
// namespace is the namespace of the service.
// Required
namespace: string @go(Namespace) @protobuf(1,bytes,opt)
// name is the name of the service.
// Required
name: string @go(Name) @protobuf(2,bytes,opt)
// path is an optional URL path at which the webhook will be contacted.
// +optional
path?: null | string @go(Path,*string) @protobuf(3,bytes,opt)
// port is an optional service port at which the webhook will be contacted.
// `port` should be a valid port number (1-65535, inclusive).
// Defaults to 443 for backward compatibility.
// +optional
port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt)
}
// CustomResourceDefinitionVersion describes a version for CRD.
#CustomResourceDefinitionVersion: {
// name is the version name, e.g. “v1”, “v2beta1”, etc.
// The custom resources are served under this version at `/apis/<group>/<version>/...` if `served` is true.
name: string @go(Name) @protobuf(1,bytes,opt)
// served is a flag enabling/disabling this version from being served via REST APIs
served: bool @go(Served) @protobuf(2,varint,opt)
// storage indicates this version should be used when persisting custom resources to storage.
// There must be exactly one version with storage=true.
storage: bool @go(Storage) @protobuf(3,varint,opt)
// deprecated indicates this version of the custom resource API is deprecated.
// When set to true, API requests to this version receive a warning header in the server response.
// Defaults to false.
// +optional
deprecated?: bool @go(Deprecated) @protobuf(7,varint,opt)
// deprecationWarning overrides the default warning returned to API clients.
// May only be set when `deprecated` is true.
// The default warning indicates this version is deprecated and recommends use
// of the newest served version of equal or greater stability, if one exists.
// +optional
deprecationWarning?: null | string @go(DeprecationWarning,*string) @protobuf(8,bytes,opt)
// schema describes the schema used for validation, pruning, and defaulting of this version of the custom resource.
// +optional
schema?: null | #CustomResourceValidation @go(Schema,*CustomResourceValidation) @protobuf(4,bytes,opt)
// subresources specify what subresources this version of the defined custom resource have.
// +optional
subresources?: null | #CustomResourceSubresources @go(Subresources,*CustomResourceSubresources) @protobuf(5,bytes,opt)
// additionalPrinterColumns specifies additional columns returned in Table output.
// See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details.
// If no columns are specified, a single column displaying the age of the custom resource is used.
// +optional
additionalPrinterColumns?: [...#CustomResourceColumnDefinition] @go(AdditionalPrinterColumns,[]CustomResourceColumnDefinition) @protobuf(6,bytes,rep)
}
// CustomResourceColumnDefinition specifies a column for server side printing.
#CustomResourceColumnDefinition: {
// name is a human readable name for the column.
name: string @go(Name) @protobuf(1,bytes,opt)
// type is an OpenAPI type definition for this column.
// See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
type: string @go(Type) @protobuf(2,bytes,opt)
// format is an optional OpenAPI type definition for this column. The 'name' format is applied
// to the primary identifier column to assist in clients identifying column is the resource name.
// See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
// +optional
format?: string @go(Format) @protobuf(3,bytes,opt)
// description is a human readable description of this column.
// +optional
description?: string @go(Description) @protobuf(4,bytes,opt)
// priority is an integer defining the relative importance of this column compared to others. Lower
// numbers are considered higher priority. Columns that may be omitted in limited space scenarios
// should be given a priority greater than 0.
// +optional
priority?: int32 @go(Priority) @protobuf(5,bytes,opt)
// jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against
// each custom resource to produce the value for this column.
jsonPath: string @go(JSONPath) @protobuf(6,bytes,opt)
}
// CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition
#CustomResourceDefinitionNames: {
// plural is the plural name of the resource to serve.
// The custom resources are served under `/apis/<group>/<version>/.../<plural>`.
// Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`).
// Must be all lowercase.
plural: string @go(Plural) @protobuf(1,bytes,opt)
// singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`.
// +optional
singular?: string @go(Singular) @protobuf(2,bytes,opt)
// shortNames are short names for the resource, exposed in API discovery documents,
// and used by clients to support invocations like `kubectl get <shortname>`.
// It must be all lowercase.
// +optional
shortNames?: [...string] @go(ShortNames,[]string) @protobuf(3,bytes,opt)
// kind is the serialized kind of the resource. It is normally CamelCase and singular.
// Custom resource instances will use this value as the `kind` attribute in API calls.
kind: string @go(Kind) @protobuf(4,bytes,opt)
// listKind is the serialized kind of the list for this resource. Defaults to "`kind`List".
// +optional
listKind?: string @go(ListKind) @protobuf(5,bytes,opt)
// categories is a list of grouped resources this custom resource belongs to (e.g. 'all').
// This is published in API discovery documents, and used by clients to support invocations like
// `kubectl get all`.
// +optional
categories?: [...string] @go(Categories,[]string) @protobuf(6,bytes,rep)
}
// ResourceScope is an enum defining the different scopes available to a custom resource
#ResourceScope: string // #enumResourceScope
#enumResourceScope:
#ClusterScoped |
#NamespaceScoped
#ClusterScoped: #ResourceScope & "Cluster"
#NamespaceScoped: #ResourceScope & "Namespaced"
#ConditionStatus: string // #enumConditionStatus
#enumConditionStatus:
#ConditionTrue |
#ConditionFalse |
#ConditionUnknown
#ConditionTrue: #ConditionStatus & "True"
#ConditionFalse: #ConditionStatus & "False"
#ConditionUnknown: #ConditionStatus & "Unknown"
// CustomResourceDefinitionConditionType is a valid value for CustomResourceDefinitionCondition.Type
#CustomResourceDefinitionConditionType: string // #enumCustomResourceDefinitionConditionType
#enumCustomResourceDefinitionConditionType:
#Established |
#NamesAccepted |
#NonStructuralSchema |
#Terminating |
#KubernetesAPIApprovalPolicyConformant
// Established means that the resource has become active. A resource is established when all names are
// accepted without a conflict for the first time. A resource stays established until deleted, even during
// a later NamesAccepted due to changed names. Note that not all names can be changed.
#Established: #CustomResourceDefinitionConditionType & "Established"
// NamesAccepted means the names chosen for this CustomResourceDefinition do not conflict with others in
// the group and are therefore accepted.
#NamesAccepted: #CustomResourceDefinitionConditionType & "NamesAccepted"
// NonStructuralSchema means that one or more OpenAPI schema is not structural.
//
// A schema is structural if it specifies types for all values, with the only exceptions of those with
// - x-kubernetes-int-or-string: true — for fields which can be integer or string
// - x-kubernetes-preserve-unknown-fields: true — for raw, unspecified JSON values
// and there is no type, additionalProperties, default, nullable or x-kubernetes-* vendor extenions
// specified under allOf, anyOf, oneOf or not.
//
// Non-structural schemas will not be allowed anymore in v1 API groups. Moreover, new features will not be
// available for non-structural CRDs:
// - pruning
// - defaulting
// - read-only
// - OpenAPI publishing
// - webhook conversion
#NonStructuralSchema: #CustomResourceDefinitionConditionType & "NonStructuralSchema"
// Terminating means that the CustomResourceDefinition has been deleted and is cleaning up.
#Terminating: #CustomResourceDefinitionConditionType & "Terminating"
// KubernetesAPIApprovalPolicyConformant indicates that an API in *.k8s.io or *.kubernetes.io is or is not approved. For CRDs
// outside those groups, this condition will not be set. For CRDs inside those groups, the condition will
// be true if .metadata.annotations["api-approved.kubernetes.io"] is set to a URL, otherwise it will be false.
// See https://github.com/kubernetes/enhancements/pull/1111 for more details.
#KubernetesAPIApprovalPolicyConformant: #CustomResourceDefinitionConditionType & "KubernetesAPIApprovalPolicyConformant"
// CustomResourceDefinitionCondition contains details for the current condition of this pod.
#CustomResourceDefinitionCondition: {
// type is the type of the condition. Types include Established, NamesAccepted and Terminating.
type: #CustomResourceDefinitionConditionType @go(Type) @protobuf(1,bytes,opt,casttype=CustomResourceDefinitionConditionType)
// status is the status of the condition.
// Can be True, False, Unknown.
status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus)
// lastTransitionTime last time the condition transitioned from one status to another.
// +optional
lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
// reason is a unique, one-word, CamelCase reason for the condition's last transition.
// +optional
reason?: string @go(Reason) @protobuf(4,bytes,opt)
// message is a human-readable message indicating details about last transition.
// +optional
message?: string @go(Message) @protobuf(5,bytes,opt)
}
// CustomResourceDefinitionStatus indicates the state of the CustomResourceDefinition
#CustomResourceDefinitionStatus: {
// conditions indicate state for particular aspects of a CustomResourceDefinition
// +optional
// +listType=map
// +listMapKey=type
conditions: [...#CustomResourceDefinitionCondition] @go(Conditions,[]CustomResourceDefinitionCondition) @protobuf(1,bytes,opt)
// acceptedNames are the names that are actually being used to serve discovery.
// They may be different than the names in spec.
// +optional
acceptedNames: #CustomResourceDefinitionNames @go(AcceptedNames) @protobuf(2,bytes,opt)
// storedVersions lists all versions of CustomResources that were ever persisted. Tracking these
// versions allows a migration path for stored versions in etcd. The field is mutable
// so a migration controller can finish a migration to another version (ensuring
// no old objects are left in storage), and then remove the rest of the
// versions from this list.
// Versions may not be removed from `spec.versions` while they exist in this list.
// +optional
storedVersions: [...string] @go(StoredVersions,[]string) @protobuf(3,bytes,rep)
}
#CustomResourceCleanupFinalizer: "customresourcecleanup.apiextensions.k8s.io"
// CustomResourceDefinition represents a resource that should be exposed on the API server. Its name MUST be in the format
// <.spec.name>.<.spec.group>.
#CustomResourceDefinition: {
metav1.#TypeMeta
// Standard object's metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
// spec describes how the user wants the resources to appear
spec: #CustomResourceDefinitionSpec @go(Spec) @protobuf(2,bytes,opt)
// status indicates the actual state of the CustomResourceDefinition
// +optional
status?: #CustomResourceDefinitionStatus @go(Status) @protobuf(3,bytes,opt)
}
// CustomResourceDefinitionList is a list of CustomResourceDefinition objects.
#CustomResourceDefinitionList: {
metav1.#TypeMeta
// Standard object's metadata
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
// items list individual CustomResourceDefinition objects
items: [...#CustomResourceDefinition] @go(Items,[]CustomResourceDefinition) @protobuf(2,bytes,rep)
}
// CustomResourceValidation is a list of validation methods for CustomResources.
#CustomResourceValidation: {
// openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning.
// +optional
openAPIV3Schema?: null | #JSONSchemaProps @go(OpenAPIV3Schema,*JSONSchemaProps) @protobuf(1,bytes,opt)
}
// CustomResourceSubresources defines the status and scale subresources for CustomResources.
#CustomResourceSubresources: {
// status indicates the custom resource should serve a `/status` subresource.
// When enabled:
// 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object.
// 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object.
// +optional
status?: null | #CustomResourceSubresourceStatus @go(Status,*CustomResourceSubresourceStatus) @protobuf(1,bytes,opt)
// scale indicates the custom resource should serve a `/scale` subresource that returns an `autoscaling/v1` Scale object.
// +optional
scale?: null | #CustomResourceSubresourceScale @go(Scale,*CustomResourceSubresourceScale) @protobuf(2,bytes,opt)
}
// CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources.
// Status is represented by the `.status` JSON path inside of a CustomResource. When set,
// * exposes a /status subresource for the custom resource
// * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza
// * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza
#CustomResourceSubresourceStatus: {
}
// CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources.
#CustomResourceSubresourceScale: {
// specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`.
// Only JSON paths without the array notation are allowed.
// Must be a JSON Path under `.spec`.
// If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET.
specReplicasPath: string @go(SpecReplicasPath) @protobuf(1,bytes)
// statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`.
// Only JSON paths without the array notation are allowed.
// Must be a JSON Path under `.status`.
// If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource
// will default to 0.
statusReplicasPath: string @go(StatusReplicasPath) @protobuf(2,bytes,opt)
// labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`.
// Only JSON paths without the array notation are allowed.
// Must be a JSON Path under `.status` or `.spec`.
// Must be set to work with HorizontalPodAutoscaler.
// The field pointed by this JSON path must be a string field (not a complex selector struct)
// which contains a serialized label selector in string form.
// More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource
// If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale`
// subresource will default to the empty string.
// +optional
labelSelectorPath?: null | string @go(LabelSelectorPath,*string) @protobuf(3,bytes,opt)
}
// ConversionReview describes a conversion request/response.
#ConversionReview: {
metav1.#TypeMeta
// request describes the attributes for the conversion request.
// +optional
request?: null | #ConversionRequest @go(Request,*ConversionRequest) @protobuf(1,bytes,opt)
// response describes the attributes for the conversion response.
// +optional
response?: null | #ConversionResponse @go(Response,*ConversionResponse) @protobuf(2,bytes,opt)
}
// ConversionRequest describes the conversion request parameters.
#ConversionRequest: {
// uid is an identifier for the individual request/response. It allows distinguishing instances of requests which are
// otherwise identical (parallel requests, etc).
// The UID is meant to track the round trip (request/response) between the Kubernetes API server and the webhook, not the user request.
// It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
uid: types.#UID @go(UID) @protobuf(1,bytes)
// desiredAPIVersion is the version to convert given objects to. e.g. "myapi.example.com/v1"
desiredAPIVersion: string @go(DesiredAPIVersion) @protobuf(2,bytes)
// objects is the list of custom resource objects to be converted.
objects: [...runtime.#RawExtension] @go(Objects,[]runtime.RawExtension) @protobuf(3,bytes,rep)
}
// ConversionResponse describes a conversion response.
#ConversionResponse: {
// uid is an identifier for the individual request/response.
// This should be copied over from the corresponding `request.uid`.
uid: types.#UID @go(UID) @protobuf(1,bytes)
// convertedObjects is the list of converted version of `request.objects` if the `result` is successful, otherwise empty.
// The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list
// must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace).
// The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored.
convertedObjects: [...runtime.#RawExtension] @go(ConvertedObjects,[]runtime.RawExtension) @protobuf(2,bytes,rep)
// result contains the result of conversion with extra details if the conversion failed. `result.status` determines if
// the conversion failed or succeeded. The `result.status` field is required and represents the success or failure of the
// conversion. A successful conversion must set `result.status` to `Success`. A failed conversion must set
// `result.status` to `Failure` and provide more details in `result.message` and return http status 200. The `result.message`
// will be used to construct an error message for the end user.
result: metav1.#Status @go(Result) @protobuf(3,bytes)
}

257
cue/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue
View File

@@ -1,257 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
package v1
// JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/).
#JSONSchemaProps: {
id?: string @go(ID) @protobuf(1,bytes,opt)
$schema?: #JSONSchemaURL @go(Schema) @protobuf(2,bytes,opt,name=schema)
$ref?: null | string @go(Ref,*string) @protobuf(3,bytes,opt,name=ref)
description?: string @go(Description) @protobuf(4,bytes,opt)
type?: string @go(Type) @protobuf(5,bytes,opt)
// format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:
//
// - bsonobjectid: a bson object ID, i.e. a 24 characters hex string
// - uri: an URI as parsed by Golang net/url.ParseRequestURI
// - email: an email address as parsed by Golang net/mail.ParseAddress
// - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034].
// - ipv4: an IPv4 IP as parsed by Golang net.ParseIP
// - ipv6: an IPv6 IP as parsed by Golang net.ParseIP
// - cidr: a CIDR as parsed by Golang net.ParseCIDR
// - mac: a MAC address as parsed by Golang net.ParseMAC
// - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$
// - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$
// - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
// - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
// - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041"
// - isbn10: an ISBN10 number string like "0321751043"
// - isbn13: an ISBN13 number string like "978-0321751041"
// - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in
// - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$
// - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$
// - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559"
// - byte: base64 encoded binary data
// - password: any kind of string
// - date: a date string like "2006-01-02" as defined by full-date in RFC3339
// - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format
// - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339.
format?: string @go(Format) @protobuf(6,bytes,opt)
title?: string @go(Title) @protobuf(7,bytes,opt)
// default is a default value for undefined object fields.
// Defaulting is a beta feature under the CustomResourceDefaulting feature gate.
// Defaulting requires spec.preserveUnknownFields to be false.
default?: null | #JSON @go(Default,*JSON) @protobuf(8,bytes,opt)
maximum?: null | float64 @go(Maximum,*float64) @protobuf(9,bytes,opt)
exclusiveMaximum?: bool @go(ExclusiveMaximum) @protobuf(10,bytes,opt)
minimum?: null | float64 @go(Minimum,*float64) @protobuf(11,bytes,opt)
exclusiveMinimum?: bool @go(ExclusiveMinimum) @protobuf(12,bytes,opt)
maxLength?: null | int64 @go(MaxLength,*int64) @protobuf(13,bytes,opt)
minLength?: null | int64 @go(MinLength,*int64) @protobuf(14,bytes,opt)
pattern?: string @go(Pattern) @protobuf(15,bytes,opt)
maxItems?: null | int64 @go(MaxItems,*int64) @protobuf(16,bytes,opt)
minItems?: null | int64 @go(MinItems,*int64) @protobuf(17,bytes,opt)
uniqueItems?: bool @go(UniqueItems) @protobuf(18,bytes,opt)
multipleOf?: null | float64 @go(MultipleOf,*float64) @protobuf(19,bytes,opt)
enum?: [...#JSON] @go(Enum,[]JSON) @protobuf(20,bytes,rep)
maxProperties?: null | int64 @go(MaxProperties,*int64) @protobuf(21,bytes,opt)
minProperties?: null | int64 @go(MinProperties,*int64) @protobuf(22,bytes,opt)
required?: [...string] @go(Required,[]string) @protobuf(23,bytes,rep)
items?: null | #JSONSchemaPropsOrArray @go(Items,*JSONSchemaPropsOrArray) @protobuf(24,bytes,opt)
allOf?: [...#JSONSchemaProps] @go(AllOf,[]JSONSchemaProps) @protobuf(25,bytes,rep)
oneOf?: [...#JSONSchemaProps] @go(OneOf,[]JSONSchemaProps) @protobuf(26,bytes,rep)
anyOf?: [...#JSONSchemaProps] @go(AnyOf,[]JSONSchemaProps) @protobuf(27,bytes,rep)
not?: null | #JSONSchemaProps @go(Not,*JSONSchemaProps) @protobuf(28,bytes,opt)
properties?: {[string]: #JSONSchemaProps} @go(Properties,map[string]JSONSchemaProps) @protobuf(29,bytes,rep)
additionalProperties?: null | #JSONSchemaPropsOrBool @go(AdditionalProperties,*JSONSchemaPropsOrBool) @protobuf(30,bytes,opt)
patternProperties?: {[string]: #JSONSchemaProps} @go(PatternProperties,map[string]JSONSchemaProps) @protobuf(31,bytes,rep)
dependencies?: #JSONSchemaDependencies @go(Dependencies) @protobuf(32,bytes,opt)
additionalItems?: null | #JSONSchemaPropsOrBool @go(AdditionalItems,*JSONSchemaPropsOrBool) @protobuf(33,bytes,opt)
definitions?: #JSONSchemaDefinitions @go(Definitions) @protobuf(34,bytes,opt)
externalDocs?: null | #ExternalDocumentation @go(ExternalDocs,*ExternalDocumentation) @protobuf(35,bytes,opt)
example?: null | #JSON @go(Example,*JSON) @protobuf(36,bytes,opt)
nullable?: bool @go(Nullable) @protobuf(37,bytes,opt)
// x-kubernetes-preserve-unknown-fields stops the API server
// decoding step from pruning fields which are not specified
// in the validation schema. This affects fields recursively,
// but switches back to normal pruning behaviour if nested
// properties or additionalProperties are specified in the schema.
// This can either be true or undefined. False is forbidden.
"x-kubernetes-preserve-unknown-fields"?: null | bool @go(XPreserveUnknownFields,*bool) @protobuf(38,bytes,opt,name=xKubernetesPreserveUnknownFields)
// x-kubernetes-embedded-resource defines that the value is an
// embedded Kubernetes runtime.Object, with TypeMeta and
// ObjectMeta. The type must be object. It is allowed to further
// restrict the embedded object. kind, apiVersion and metadata
// are validated automatically. x-kubernetes-preserve-unknown-fields
// is allowed to be true, but does not have to be if the object
// is fully specified (up to kind, apiVersion, metadata).
"x-kubernetes-embedded-resource"?: bool @go(XEmbeddedResource) @protobuf(39,bytes,opt,name=xKubernetesEmbeddedResource)
// x-kubernetes-int-or-string specifies that this value is
// either an integer or a string. If this is true, an empty
// type is allowed and type as child of anyOf is permitted
// if following one of the following patterns:
//
// 1) anyOf:
// - type: integer
// - type: string
// 2) allOf:
// - anyOf:
// - type: integer
// - type: string
// - ... zero or more
"x-kubernetes-int-or-string"?: bool @go(XIntOrString) @protobuf(40,bytes,opt,name=xKubernetesIntOrString)
// x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used
// as the index of the map.
//
// This tag MUST only be used on lists that have the "x-kubernetes-list-type"
// extension set to "map". Also, the values specified for this attribute must
// be a scalar typed field of the child structure (no nesting is supported).
//
// The properties specified must either be required or have a default value,
// to ensure those properties are present for all list items.
//
// +optional
"x-kubernetes-list-map-keys"?: [...string] @go(XListMapKeys,[]string) @protobuf(41,bytes,rep,name=xKubernetesListMapKeys)
// x-kubernetes-list-type annotates an array to further describe its topology.
// This extension must only be used on lists and may have 3 possible values:
//
// 1) `atomic`: the list is treated as a single entity, like a scalar.
// Atomic lists will be entirely replaced when updated. This extension
// may be used on any type of list (struct, scalar, ...).
// 2) `set`:
// Sets are lists that must not have multiple items with the same value. Each
// value must be a scalar, an object with x-kubernetes-map-type `atomic` or an
// array with x-kubernetes-list-type `atomic`.
// 3) `map`:
// These lists are like maps in that their elements have a non-index key
// used to identify them. Order is preserved upon merge. The map tag
// must only be used on a list with elements of type object.
// Defaults to atomic for arrays.
// +optional
"x-kubernetes-list-type"?: null | string @go(XListType,*string) @protobuf(42,bytes,opt,name=xKubernetesListType)
// x-kubernetes-map-type annotates an object to further describe its topology.
// This extension must only be used when type is object and may have 2 possible values:
//
// 1) `granular`:
// These maps are actual maps (key-value pairs) and each fields are independent
// from each other (they can each be manipulated by separate actors). This is
// the default behaviour for all maps.
// 2) `atomic`: the list is treated as a single entity, like a scalar.
// Atomic maps will be entirely replaced when updated.
// +optional
"x-kubernetes-map-type"?: null | string @go(XMapType,*string) @protobuf(43,bytes,opt,name=xKubernetesMapType)
// x-kubernetes-validations describes a list of validation rules written in the CEL expression language.
// This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled.
// +patchMergeKey=rule
// +patchStrategy=merge
// +listType=map
// +listMapKey=rule
"x-kubernetes-validations"?: #ValidationRules @go(XValidations) @protobuf(44,bytes,rep,name=xKubernetesValidations)
}
// ValidationRules describes a list of validation rules written in the CEL expression language.
#ValidationRules: [...#ValidationRule]
// ValidationRule describes a validation rule written in the CEL expression language.
#ValidationRule: {
// Rule represents the expression which will be evaluated by CEL.
// ref: https://github.com/google/cel-spec
// The Rule is scoped to the location of the x-kubernetes-validations extension in the schema.
// The `self` variable in the CEL expression is bound to the scoped value.
// Example:
// - Rule scoped to the root of a resource with a status subresource: {"rule": "self.status.actual <= self.spec.maxDesired"}
//
// If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable
// via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as
// absent fields in CEL expressions.
// If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map
// are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map
// are accessible via CEL macros and functions such as `self.all(...)`.
// If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and
// functions.
// If the Rule is scoped to a scalar, `self` is bound to the scalar value.
// Examples:
// - Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"}
// - Rule scoped to a list of integers: {"rule": "self.values.all(value, value >= 0 && value < 100)"}
// - Rule scoped to a string value: {"rule": "self.startsWith('kube')"}
//
// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the
// object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible.
//
// Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL
// expressions. This includes:
// - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields.
// - Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as:
// - A schema with no type and x-kubernetes-preserve-unknown-fields set to true
// - An array where the items schema is of an "unknown type"
// - An object where the additionalProperties schema is of an "unknown type"
//
// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
// Accessible property names are escaped according to the following rules when accessed in the expression:
// - '__' escapes to '__underscores__'
// - '.' escapes to '__dot__'
// - '-' escapes to '__dash__'
// - '/' escapes to '__slash__'
// - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
// "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
// "import", "let", "loop", "package", "namespace", "return".
// Examples:
// - Rule accessing a property named "namespace": {"rule": "self.__namespace__ > 0"}
// - Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop > 0"}
// - Rule accessing a property named "redact__d": {"rule": "self.redact__underscores__d > 0"}
//
// Equality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
// non-intersecting elements in `Y` are appended, retaining their partial order.
// - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
// are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
// non-intersecting keys are appended, retaining their partial order.
rule: string @go(Rule) @protobuf(1,bytes,opt)
// Message represents the message displayed when validation fails. The message is required if the Rule contains
// line breaks. The message must not contain line breaks.
// If unset, the message is "failed rule: {Rule}".
// e.g. "must be a URL with the host matching spec.host"
message?: string @go(Message) @protobuf(2,bytes,opt)
}
// JSON represents any valid JSON value.
// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil.
#JSON: _
// JSONSchemaURL represents a schema url.
#JSONSchemaURL: string
// JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps
// or an array of JSONSchemaProps. Mainly here for serialization purposes.
#JSONSchemaPropsOrArray: _
// JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value.
// Defaults to true for the boolean property.
#JSONSchemaPropsOrBool: _
// JSONSchemaDependencies represent a dependencies property.
#JSONSchemaDependencies: {[string]: #JSONSchemaPropsOrStringArray}
// JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array.
#JSONSchemaPropsOrStringArray: _
// JSONSchemaDefinitions contains the models explicitly defined in this spec.
#JSONSchemaDefinitions: {[string]: #JSONSchemaProps}
// ExternalDocumentation allows referencing an external resource for extended documentation.
#ExternalDocumentation: {
description?: string @go(Description) @protobuf(1,bytes,opt)
url?: string @go(URL) @protobuf(2,bytes,opt)
}

47
cue/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
View File

@@ -1,47 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
package resource
// Scale is used for getting and setting the base-10 scaled value.
// Base-2 scales are omitted for mathematical simplicity.
// See Quantity.ScaledValue for more details.
#Scale: int32 // #enumScale
#enumScale:
#Nano |
#Micro |
#Milli |
#Kilo |
#Mega |
#Giga |
#Tera |
#Peta |
#Exa
#values_Scale: {
Nano: #Nano
Micro: #Micro
Milli: #Milli
Kilo: #Kilo
Mega: #Mega
Giga: #Giga
Tera: #Tera
Peta: #Peta
Exa: #Exa
}
#Nano: #Scale & -9
#Micro: #Scale & -6
#Milli: #Scale & -3
#Kilo: #Scale & 3
#Mega: #Scale & 6
#Giga: #Scale & 9
#Tera: #Scale & 12
#Peta: #Scale & 15
#Exa: #Scale & 18
// infDecAmount implements common operations over an inf.Dec that are specific to the quantity
// representation.
_#infDecAmount: string

13
cue/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
View File

@@ -1,13 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
package resource
// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64.
// It is also the maximum decimal digits that can be represented with an int64.
_#maxInt64Factors: 18
_#mostNegative: -9223372036854775808
_#mostPositive: 9223372036854775807

96
cue/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
View File

@@ -1,96 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
package resource
// Quantity is a fixed-point representation of a number.
// It provides convenient marshaling/unmarshaling in JSON and YAML,
// in addition to String() and AsInt64() accessors.
//
// The serialization format is:
//
// <quantity> ::= <signedNumber><suffix>
// (Note that <suffix> may be empty, from the "" case in <decimalSI>.)
// <digit> ::= 0 | 1 | ... | 9
// <digits> ::= <digit> | <digit><digits>
// <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits>
// <sign> ::= "+" | "-"
// <signedNumber> ::= <number> | <sign><number>
// <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI>
// <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
// <decimalSI> ::= m | "" | k | M | G | T | P | E
// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
// <decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber>
//
// No matter which of the three exponent forms is used, no quantity may represent
// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal
// places. Numbers larger or more precise will be capped or rounded up.
// (E.g.: 0.1m will rounded up to 1m.)
// This may be extended in the future if we require larger or smaller quantities.
//
// When a Quantity is parsed from a string, it will remember the type of suffix
// it had, and will use the same type again when it is serialized.
//
// Before serializing, Quantity will be put in "canonical form".
// This means that Exponent/suffix will be adjusted up or down (with a
// corresponding increase or decrease in Mantissa) such that:
// a. No precision is lost
// b. No fractional digits will be emitted
// c. The exponent (or suffix) is as large as possible.
// The sign will be omitted unless the number is negative.
//
// Examples:
// 1.5 will be serialized as "1500m"
// 1.5Gi will be serialized as "1536Mi"
//
// Note that the quantity will NEVER be internally represented by a
// floating point number. That is the whole point of this exercise.
//
// Non-canonical values will still parse as long as they are well formed,
// but will be re-emitted in their canonical form. (So always use canonical
// form, or don't diff.)
//
// This format is intended to make it difficult to use these numbers without
// writing some sort of special handling code in the hopes that that will
// cause implementors to also use a fixed point implementation.
//
// +protobuf=true
// +protobuf.embed=string
// +protobuf.options.marshal=false
// +protobuf.options.(gogoproto.goproto_stringer)=false
// +k8s:deepcopy-gen=true
// +k8s:openapi-gen=true
#Quantity: _
// CanonicalValue allows a quantity amount to be converted to a string.
#CanonicalValue: _
// Format lists the three possible formattings of a quantity.
#Format: string // #enumFormat
#enumFormat:
#DecimalExponent |
#BinarySI |
#DecimalSI
#DecimalExponent: #Format & "DecimalExponent"
#BinarySI: #Format & "BinarySI"
#DecimalSI: #Format & "DecimalSI"
// splitREString is used to separate a number from its suffix; as such,
// this is overly permissive, but that's OK-- it will be checked later.
_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
_#int64QuantityExpectedBytes: 18
// QuantityValue makes it possible to use a Quantity as value for a command
// line parameter.
//
// +protobuf=true
// +protobuf.embed=string
// +protobuf.options.marshal=false
// +protobuf.options.(gogoproto.goproto_stringer)=false
// +k8s:deepcopy-gen=true
#QuantityValue: _

10
cue/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
View File

@@ -1,10 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource
package resource
_#suffix: string
// suffixer can interpret and construct suffixes.
_#suffixer: _

10
cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
View File

@@ -1,10 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// Duration is a wrapper around time.Duration which supports correct
// marshaling to YAML and JSON. In particular, it marshals into strings, which
// can be used as map keys in json.
#Duration: _

48
cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
View File

@@ -1,48 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying
// concepts during lookup stages without having partially valid types
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupResource: {
group: string @go(Group) @protobuf(1,bytes,opt)
resource: string @go(Resource) @protobuf(2,bytes,opt)
}
// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion
// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupVersionResource: {
group: string @go(Group) @protobuf(1,bytes,opt)
version: string @go(Version) @protobuf(2,bytes,opt)
resource: string @go(Resource) @protobuf(3,bytes,opt)
}
// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying
// concepts during lookup stages without having partially valid types
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupKind: {
group: string @go(Group) @protobuf(1,bytes,opt)
kind: string @go(Kind) @protobuf(2,bytes,opt)
}
// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion
// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupVersionKind: {
group: string @go(Group) @protobuf(1,bytes,opt)
version: string @go(Version) @protobuf(2,bytes,opt)
kind: string @go(Kind) @protobuf(3,bytes,opt)
}
// GroupVersion contains the "group" and the "version", which uniquely identifies the API.
//
// +protobuf.options.(gogoproto.goproto_stringer)=false
#GroupVersion: _

33
cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
View File

@@ -1,33 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// TODO: move this, Object, List, and Type to a different package
#ObjectMetaAccessor: _
// Object lets you work with object metadata from any of the versioned or
// internal API objects. Attempting to set or retrieve a field on an object that does
// not support that field (Name, UID, Namespace on lists) will be a no-op and return
// a default value.
#Object: _
// ListMetaAccessor retrieves the list interface from an object
#ListMetaAccessor: _
// Common lets you work with core metadata from any of the versioned or
// internal API objects. Attempting to set or retrieve a field on an object that does
// not support that field will be a no-op and return a default value.
// TODO: move this, and TypeMeta and ListMeta, to a different package
#Common: _
// ListInterface lets you work with list metadata from any of the versioned or
// internal API objects. Attempting to set or retrieve a field on an object that does
// not support that field will be a no-op and return a default value.
// TODO: move this, and TypeMeta and ListMeta, to a different package
#ListInterface: _
// Type exposes the type and APIVersion of versioned or internal API objects.
// TODO: move this, and TypeMeta and ListMeta, to a different package
#Type: _

14
cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
View File

@@ -1,14 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00"
// MicroTime is version of Time with microsecond level precision.
//
// +protobuf.options.marshal=false
// +protobuf.as=Timestamp
// +protobuf.options.(gogoproto.goproto_stringer)=false
#MicroTime: _

9
cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
View File

@@ -1,9 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
#GroupName: "meta.k8s.io"
#WatchEventKind: "WatchEvent"

14
cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
View File

@@ -1,14 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// Time is a wrapper around time.Time which supports correct
// marshaling to YAML and JSON. Wrappers are provided for many
// of the factory methods that the time package offers.
//
// +protobuf.options.marshal=false
// +protobuf.as=Timestamp
// +protobuf.options.(gogoproto.goproto_stringer)=false
#Time: _

21
cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
View File

@@ -1,21 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
// Timestamp is a struct that is equivalent to Time, but intended for
// protobuf marshalling/unmarshalling. It is generated into a serialization
// that matches Time. Do not use in Go structs.
#Timestamp: {
// Represents seconds of UTC time since Unix epoch
// 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
// 9999-12-31T23:59:59Z inclusive.
seconds: int64 @go(Seconds) @protobuf(1,varint,opt)
// Non-negative fractions of a second at nanosecond resolution. Negative
// second values with fractions must still have non-negative nanos values
// that count forward in time. Must be from 0 to 999,999,999
// inclusive. This field may be limited in precision depending on context.
nanos: int32 @go(Nanos) @protobuf(2,varint,opt)
}

1504
cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
View File

File diff suppressed because it is too large Load Diff

30
cue/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
View File

@@ -1,30 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1
package v1
import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
)
// Event represents a single event to a watched resource.
//
// +protobuf=true
// +k8s:deepcopy-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
#WatchEvent: {
type: string @go(Type) @protobuf(1,bytes,opt)
// Object is:
// * If Type is Added or Modified: the new state of the object.
// * If Type is Deleted: the state of the object immediately before deletion.
// * If Type is Error: *Status is recommended; other types may make sense
// depending on context.
object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt)
}
// InternalEvent makes watch.Event versioned
// +protobuf=false
#InternalEvent: watch.#Event

37
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
View File

@@ -1,37 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// codec binds an encoder and decoder.
_#codec: {
Encoder: #Encoder
Decoder: #Decoder
}
// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding.
#NoopEncoder: {
Decoder: #Decoder
}
_#noopEncoderIdentifier: #Identifier & "noop"
// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding.
#NoopDecoder: {
Encoder: #Encoder
}
_#base64Serializer: {
Encoder: #Encoder
Decoder: #Decoder
}
_#internalGroupVersionerIdentifier: "internal"
_#disabledGroupVersionerIdentifier: "disabled"
_#internalGroupVersioner: {
}
_#disabledGroupVersioner: {
}

7
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
// Package runtime defines conversions between generic types and structs to map query strings
// to struct objects.
package runtime

9
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
View File

@@ -1,9 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// UnstructuredConverter is an interface for converting between interface{}
// and map[string]interface representation.
#UnstructuredConverter: _

39
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
View File

@@ -1,39 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
// Package runtime includes helper functions for working with API objects
// that follow the kubernetes API object conventions, which are:
//
// 0. Your API objects have a common metadata struct member, TypeMeta.
//
// 1. Your code refers to an internal set of API objects.
//
// 2. In a separate package, you have an external set of API objects.
//
// 3. The external set is considered to be versioned, and no breaking
// changes are ever made to it (fields may be added but not changed
// or removed).
//
// 4. As your api evolves, you'll make an additional versioned package
// with every major change.
//
// 5. Versioned packages have conversion functions which convert to
// and from the internal version.
//
// 6. You'll continue to support older versions according to your
// deprecation policy, and you can easily provide a program/library
// to update old versions into new versions because of 5.
//
// 7. All of your serializations and deserializations are handled in a
// centralized place.
//
// Package runtime provides a conversion helper to make 5 easy, and the
// Encode/Decode/DecodeInto trio to accomplish 7. You can also register
// additional "codecs" which use a version of your choice. It's
// recommended that you register your types with runtime in your
// package's init function.
//
// As a bonus, a few common types useful from all api objects and versions
// are provided in types.go.
package runtime

7
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
_#encodable: _

23
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
View File

@@ -1,23 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// MultiObjectTyper returns the types of objects across multiple schemes in order.
#MultiObjectTyper: [...#ObjectTyper]
_#defaultFramer: {
}
// WithVersionEncoder serializes an object and ensures the GVK is set.
#WithVersionEncoder: {
Version: #GroupVersioner
Encoder: #Encoder
ObjectTyper: #ObjectTyper
}
// WithoutVersionDecoder clears the group version kind of a deserialized object.
#WithoutVersionDecoder: {
Decoder: #Decoder
}

151
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
View File

@@ -1,151 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// APIVersionInternal may be used if you are registering a type that should not
// be considered stable or serialized - it is a convention only and has no
// special behavior in this package.
#APIVersionInternal: "__internal"
// GroupVersioner refines a set of possible conversion targets into a single option.
#GroupVersioner: _
// Identifier represents an identifier.
// Identitier of two different objects should be equal if and only if for every
// input the output they produce is exactly the same.
#Identifier: string // #enumIdentifier
#enumIdentifier:
_#noopEncoderIdentifier
// Encoder writes objects to a serialized form
#Encoder: _
// Decoder attempts to load an object from data.
#Decoder: _
// Serializer is the core interface for transforming objects into a serialized format and back.
// Implementations may choose to perform conversion of the object, but no assumptions should be made.
#Serializer: _
// Codec is a Serializer that deals with the details of versioning objects. It offers the same
// interface as Serializer, so this is a marker to consumers that care about the version of the objects
// they receive.
#Codec: #Serializer
// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and
// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing
// and the desired version must be specified.
#ParameterCodec: _
// Framer is a factory for creating readers and writers that obey a particular framing pattern.
#Framer: _
// SerializerInfo contains information about a specific serialization format
#SerializerInfo: {
// MediaType is the value that represents this serializer over the wire.
MediaType: string
// MediaTypeType is the first part of the MediaType ("application" in "application/json").
MediaTypeType: string
// MediaTypeSubType is the second part of the MediaType ("json" in "application/json").
MediaTypeSubType: string
// EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
EncodesAsText: bool
// Serializer is the individual object serializer for this media type.
Serializer: #Serializer
// PrettySerializer, if set, can serialize this object in a form biased towards
// readability.
PrettySerializer: #Serializer
// StrictSerializer, if set, deserializes this object strictly,
// erring on unknown fields.
StrictSerializer: #Serializer
// StreamSerializer, if set, describes the streaming serialization format
// for this media type.
StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo)
}
// StreamSerializerInfo contains information about a specific stream serialization format
#StreamSerializerInfo: {
// EncodesAsText indicates this serializer can be encoded to UTF-8 safely.
EncodesAsText: bool
// Serializer is the top level object serializer for this type when streaming
Serializer: #Serializer
// Framer is the factory for retrieving streams that separate objects on the wire
Framer: #Framer
}
// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers
// for multiple supported media types. This would commonly be accepted by a server component
// that performs HTTP content negotiation to accept multiple formats.
#NegotiatedSerializer: _
// ClientNegotiator handles turning an HTTP content type into the appropriate encoder.
// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from
// a NegotiatedSerializer.
#ClientNegotiator: _
// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers
// that can read and write data at rest. This would commonly be used by client tools that must
// read files, or server side storage interfaces that persist restful objects.
#StorageSerializer: _
// NestedObjectEncoder is an optional interface that objects may implement to be given
// an opportunity to encode any nested Objects / RawExtensions during serialization.
#NestedObjectEncoder: _
// NestedObjectDecoder is an optional interface that objects may implement to be given
// an opportunity to decode any nested Objects / RawExtensions during serialization.
#NestedObjectDecoder: _
#ObjectDefaulter: _
#ObjectVersioner: _
// ObjectConvertor converts an object to a different version.
#ObjectConvertor: _
// ObjectTyper contains methods for extracting the APIVersion and Kind
// of objects.
#ObjectTyper: _
// ObjectCreater contains methods for instantiating an object by kind and version.
#ObjectCreater: _
// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource
#EquivalentResourceMapper: _
// EquivalentResourceRegistry provides an EquivalentResourceMapper interface,
// and allows registering known resource[/subresource] -> kind
#EquivalentResourceRegistry: _
// ResourceVersioner provides methods for setting and retrieving
// the resource version from an API object.
#ResourceVersioner: _
// SelfLinker provides methods for setting and retrieving the SelfLink field of an API object.
#SelfLinker: _
// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are
// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows
// serializers to set the kind, version, and group the object is represented as. An Object may choose
// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized.
#Object: _
// CacheableObject allows an object to cache its different serializations
// to avoid performing the same serialization multiple times.
#CacheableObject: _
// Unstructured objects store values as map[string]interface{}, with only values that can be serialized
// to JSON allowed.
#Unstructured: _

12
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
View File

@@ -1,12 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// NegotiateError is returned when a ClientNegotiator is unable to locate
// a serializer for the requested operation.
#NegotiateError: {
ContentType: string
Stream: bool
}

14
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
View File

@@ -1,14 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// Pair of strings. We keed the name of fields and the doc
#Pair: {
Name: string
Doc: string
}
// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself
#KubeTypes: [...#Pair]

90
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
View File

@@ -1,90 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type,
// like this:
// type MyAwesomeAPIObject struct {
// runtime.TypeMeta `json:",inline"`
// ... // other fields
// }
// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind
//
// TypeMeta is provided here for convenience. You may use it directly from this package or define
// your own with the same fields.
//
// +k8s:deepcopy-gen=false
// +protobuf=true
// +k8s:openapi-gen=true
#TypeMeta: {
// +optional
apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt)
// +optional
kind?: string @go(Kind) @protobuf(2,bytes,opt)
}
#ContentTypeJSON: "application/json"
#ContentTypeYAML: "application/yaml"
#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf"
// RawExtension is used to hold extensions in external versions.
//
// To use this, make a field which has RawExtension as its type in your external, versioned
// struct, and Object in your internal struct. You also need to register your
// various plugin types.
//
// // Internal package:
// type MyAPIObject struct {
// runtime.TypeMeta `json:",inline"`
// MyPlugin runtime.Object `json:"myPlugin"`
// }
// type PluginA struct {
// AOption string `json:"aOption"`
// }
//
// // External package:
// type MyAPIObject struct {
// runtime.TypeMeta `json:",inline"`
// MyPlugin runtime.RawExtension `json:"myPlugin"`
// }
// type PluginA struct {
// AOption string `json:"aOption"`
// }
//
// // On the wire, the JSON will look something like this:
// {
// "kind":"MyAPIObject",
// "apiVersion":"v1",
// "myPlugin": {
// "kind":"PluginA",
// "aOption":"foo",
// },
// }
//
// So what happens? Decode first uses json or yaml to unmarshal the serialized data into
// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked.
// The next step is to copy (using pkg/conversion) into the internal struct. The runtime
// package's DefaultScheme has conversion functions installed which will unpack the
// JSON stored in RawExtension, turning it into the correct object type, and storing it
// in the Object. (TODO: In the case where the object is of an unknown type, a
// runtime.Unknown object will be created and stored.)
//
// +k8s:deepcopy-gen=true
// +protobuf=true
// +k8s:openapi-gen=true
#RawExtension: _
// Unknown allows api objects with unknown types to be passed-through. This can be used
// to deal with the API objects from a plug-in. Unknown objects still have functioning
// TypeMeta features-- kind, version, etc.
// TODO: Make this object have easy access to field based accessors and settors for
// metadata and field mutatation.
//
// +k8s:deepcopy-gen=true
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +protobuf=true
// +k8s:openapi-gen=true
#Unknown: _

9
cue/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
View File

@@ -1,9 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/runtime
package runtime
#ProtobufMarshaller: _
#ProtobufReverseMarshaller: _

6
cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
View File

@@ -1,6 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
// Package types implements various generic types used throughout kubernetes.
package types

12
cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
View File

@@ -1,12 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
package types
#NamespacedName: {
Namespace: string
Name: string
}
#Separator: 47 // '/'

31
cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
View File

@@ -1,31 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
package types
// NodeName is a type that holds a api.Node's Name identifier.
// Being a type captures intent and helps make sure that the node name
// is not confused with similar concepts (the hostname, the cloud provider id,
// the cloud provider name etc)
//
// To clarify the various types:
//
// * Node.Name is the Name field of the Node in the API. This should be stored in a NodeName.
// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level.
//
// * Hostname is the hostname of the local machine (from uname -n).
// However, some components allow the user to pass in a --hostname-override flag,
// which will override this in most places. In the absence of anything more meaningful,
// kubelet will use Hostname as the Node.Name when it creates the Node.
//
// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId.
//
// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the
// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up
// to the cloudprovider how to do this mapping.
//
// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the
// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if
// we are using a custom DHCP domain it won't be.
#NodeName: string

21
cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
View File

@@ -1,21 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
package types
// Similarly to above, these are constants to support HTTP PATCH utilized by
// both the client and server that didn't make sense for a whole package to be
// dedicated to.
#PatchType: string // #enumPatchType
#enumPatchType:
#JSONPatchType |
#MergePatchType |
#StrategicMergePatchType |
#ApplyPatchType
#JSONPatchType: #PatchType & "application/json-patch+json"
#MergePatchType: #PatchType & "application/merge-patch+json"
#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json"
#ApplyPatchType: #PatchType & "application/apply-patch+yaml"

10
cue/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
View File

@@ -1,10 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/types
package types
// UID is a type that holds unique ID values, including UUIDs. Because we
// don't ONLY use UUIDs, this is an alias to string. Being a type captures
// intent and helps make sure that UIDs and names do not get conflated.
#UID: string

31
cue/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
View File

@@ -1,31 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr
package intstr
// IntOrString is a type that can hold an int32 or a string. When used in
// JSON or YAML marshalling and unmarshalling, it produces or consumes the
// inner type. This allows you to have, for example, a JSON field that can
// accept a name or number.
// TODO: Rename to Int32OrString
//
// +protobuf=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
// +k8s:openapi-gen=true
#IntOrString: _
// Type represents the stored type of IntOrString.
#Type: int64 // #enumType
#enumType:
#Int |
#String
#values_Type: {
Int: #Int
String: #String
}
#Int: #Type & 0
#String: #Type & 1

7
cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
View File

@@ -1,7 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/watch
// Package watch contains a generic watchable interface, and a fake for
// testing code that uses the watch interface.
package watch

10
cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
View File

@@ -1,10 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/watch
package watch
// Recorder records all events that are sent from the watch until it is closed.
#Recorder: {
Interface: #Interface
}

25
cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
View File

@@ -1,25 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/watch
package watch
// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch
// channel is full.
#FullChannelBehavior: int // #enumFullChannelBehavior
#enumFullChannelBehavior:
#WaitIfChannelFull |
#DropIfChannelFull
#values_FullChannelBehavior: {
WaitIfChannelFull: #WaitIfChannelFull
DropIfChannelFull: #DropIfChannelFull
}
#WaitIfChannelFull: #FullChannelBehavior & 0
#DropIfChannelFull: #FullChannelBehavior & 1
_#incomingQueueLength: 25
_#internalRunFunctionMarker: "internal-do-function"

12
cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
View File

@@ -1,12 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/watch
package watch
// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written.
#Decoder: _
// Reporter hides the details of how an error is turned into a runtime.Object for
// reporting on a watch stream since this package may not import a higher level report.
#Reporter: _

48
cue/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
View File

@@ -1,48 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go k8s.io/apimachinery/pkg/watch
package watch
import "k8s.io/apimachinery/pkg/runtime"
// Interface can be implemented by anything that knows how to watch and report changes.
#Interface: _
// EventType defines the possible types of events.
#EventType: string // #enumEventType
#enumEventType:
#Added |
#Modified |
#Deleted |
#Bookmark |
#Error
#Added: #EventType & "ADDED"
#Modified: #EventType & "MODIFIED"
#Deleted: #EventType & "DELETED"
#Bookmark: #EventType & "BOOKMARK"
#Error: #EventType & "ERROR"
// Event represents a single event to a watched resource.
// +k8s:deepcopy-gen=true
#Event: {
Type: #EventType
// Object is:
// * If Type is Added or Modified: the new state of the object.
// * If Type is Deleted: the state of the object immediately before deletion.
// * If Type is Bookmark: the object (instance of a type being watched) where
// only ResourceVersion field is set. On successful restart of watch from a
// bookmark resourceVersion, client is guaranteed to not get repeat event
// nor miss any events.
// * If Type is Error: *api.Status is recommended; other types may make sense
// depending on context.
Object: runtime.#Object
}
// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe.
#RaceFreeFakeWatcher: {
Stopped: bool
}

68
cue/cue.mod/gen/time/format_go_gen.cue
View File

@@ -1,68 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go time
package time
#Layout: "01/02 03:04:05PM '06 -0700"
#ANSIC: "Mon Jan _2 15:04:05 2006"
#UnixDate: "Mon Jan _2 15:04:05 MST 2006"
#RubyDate: "Mon Jan 02 15:04:05 -0700 2006"
#RFC822: "02 Jan 06 15:04 MST"
#RFC822Z: "02 Jan 06 15:04 -0700"
#RFC850: "Monday, 02-Jan-06 15:04:05 MST"
#RFC1123: "Mon, 02 Jan 2006 15:04:05 MST"
#RFC1123Z: "Mon, 02 Jan 2006 15:04:05 -0700"
#RFC3339: "2006-01-02T15:04:05Z07:00"
#RFC3339Nano: "2006-01-02T15:04:05.999999999Z07:00"
#Kitchen: "3:04PM"
// Handy time stamps.
#Stamp: "Jan _2 15:04:05"
#StampMilli: "Jan _2 15:04:05.000"
#StampMicro: "Jan _2 15:04:05.000000"
#StampNano: "Jan _2 15:04:05.000000000"
_#stdLongMonth: 257
_#stdMonth: 258
_#stdNumMonth: 259
_#stdZeroMonth: 260
_#stdLongWeekDay: 261
_#stdWeekDay: 262
_#stdDay: 263
_#stdUnderDay: 264
_#stdZeroDay: 265
_#stdUnderYearDay: 266
_#stdZeroYearDay: 267
_#stdHour: 524
_#stdHour12: 525
_#stdZeroHour12: 526
_#stdMinute: 527
_#stdZeroMinute: 528
_#stdSecond: 529
_#stdZeroSecond: 530
_#stdLongYear: 275
_#stdYear: 276
_#stdPM: 533
_#stdpm: 534
_#stdTZ: 23
_#stdISO8601TZ: 24
_#stdISO8601SecondsTZ: 25
_#stdISO8601ShortTZ: 26
_#stdISO8601ColonTZ: 27
_#stdISO8601ColonSecondsTZ: 28
_#stdNumTZ: 29
_#stdNumSecondsTz: 30
_#stdNumShortTZ: 31
_#stdNumColonTZ: 32
_#stdNumColonSecondsTZ: 33
_#stdFracSecond0: 34
_#stdFracSecond9: 35
_#stdNeedDate: 256
_#stdNeedClock: 512
_#stdArgShift: 16
_#stdSeparatorShift: 28
_#stdMask: 65535
_#lowerhex: "0123456789abcdef"
_#runeSelf: 0x80
_#runeError: 65533 // '\uFFFD'

266
cue/cue.mod/gen/time/time_go_gen.cue
View File

@@ -1,266 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go time
// Package time provides functionality for measuring and displaying time.
//
// The calendrical calculations always assume a Gregorian calendar, with
// no leap seconds.
//
// Monotonic Clocks
//
// Operating systems provide both a “wall clock,” which is subject to
// changes for clock synchronization, and a “monotonic clock,” which is
// not. The general rule is that the wall clock is for telling time and
// the monotonic clock is for measuring time. Rather than split the API,
// in this package the Time returned by time.Now contains both a wall
// clock reading and a monotonic clock reading; later time-telling
// operations use the wall clock reading, but later time-measuring
// operations, specifically comparisons and subtractions, use the
// monotonic clock reading.
//
// For example, this code always computes a positive elapsed time of
// approximately 20 milliseconds, even if the wall clock is changed during
// the operation being timed:
//
// start := time.Now()
// ... operation that takes 20 milliseconds ...
// t := time.Now()
// elapsed := t.Sub(start)
//
// Other idioms, such as time.Since(start), time.Until(deadline), and
// time.Now().Before(deadline), are similarly robust against wall clock
// resets.
//
// The rest of this section gives the precise details of how operations
// use monotonic clocks, but understanding those details is not required
// to use this package.
//
// The Time returned by time.Now contains a monotonic clock reading.
// If Time t has a monotonic clock reading, t.Add adds the same duration to
// both the wall clock and monotonic clock readings to compute the result.
// Because t.AddDate(y, m, d), t.Round(d), and t.Truncate(d) are wall time
// computations, they always strip any monotonic clock reading from their results.
// Because t.In, t.Local, and t.UTC are used for their effect on the interpretation
// of the wall time, they also strip any monotonic clock reading from their results.
// The canonical way to strip a monotonic clock reading is to use t = t.Round(0).
//
// If Times t and u both contain monotonic clock readings, the operations
// t.After(u), t.Before(u), t.Equal(u), and t.Sub(u) are carried out
// using the monotonic clock readings alone, ignoring the wall clock
// readings. If either t or u contains no monotonic clock reading, these
// operations fall back to using the wall clock readings.
//
// On some systems the monotonic clock will stop if the computer goes to sleep.
// On such a system, t.Sub(u) may not accurately reflect the actual
// time that passed between t and u.
//
// Because the monotonic clock reading has no meaning outside
// the current process, the serialized forms generated by t.GobEncode,
// t.MarshalBinary, t.MarshalJSON, and t.MarshalText omit the monotonic
// clock reading, and t.Format provides no format for it. Similarly, the
// constructors time.Date, time.Parse, time.ParseInLocation, and time.Unix,
// as well as the unmarshalers t.GobDecode, t.UnmarshalBinary.
// t.UnmarshalJSON, and t.UnmarshalText always create times with
// no monotonic clock reading.
//
// Note that the Go == operator compares not just the time instant but
// also the Location and the monotonic clock reading. See the
// documentation for the Time type for a discussion of equality
// testing for Time values.
//
// For debugging, the result of t.String does include the monotonic
// clock reading if present. If t != u because of different monotonic clock readings,
// that difference will be visible when printing t.String() and u.String().
//
package time
// A Time represents an instant in time with nanosecond precision.
//
// Programs using times should typically store and pass them as values,
// not pointers. That is, time variables and struct fields should be of
// type time.Time, not *time.Time.
//
// A Time value can be used by multiple goroutines simultaneously except
// that the methods GobDecode, UnmarshalBinary, UnmarshalJSON and
// UnmarshalText are not concurrency-safe.
//
// Time instants can be compared using the Before, After, and Equal methods.
// The Sub method subtracts two instants, producing a Duration.
// The Add method adds a Time and a Duration, producing a Time.
//
// The zero value of type Time is January 1, year 1, 00:00:00.000000000 UTC.
// As this time is unlikely to come up in practice, the IsZero method gives
// a simple way of detecting a time that has not been initialized explicitly.
//
// Each Time has associated with it a Location, consulted when computing the
// presentation form of the time, such as in the Format, Hour, and Year methods.
// The methods Local, UTC, and In return a Time with a specific location.
// Changing the location in this way changes only the presentation; it does not
// change the instant in time being denoted and therefore does not affect the
// computations described in earlier paragraphs.
//
// Representations of a Time value saved by the GobEncode, MarshalBinary,
// MarshalJSON, and MarshalText methods store the Time.Location's offset, but not
// the location name. They therefore lose information about Daylight Saving Time.
//
// In addition to the required “wall clock” reading, a Time may contain an optional
// reading of the current process's monotonic clock, to provide additional precision
// for comparison or subtraction.
// See the “Monotonic Clocks” section in the package documentation for details.
//
// Note that the Go == operator compares not just the time instant but also the
// Location and the monotonic clock reading. Therefore, Time values should not
// be used as map or database keys without first guaranteeing that the
// identical Location has been set for all values, which can be achieved
// through use of the UTC or Local method, and that the monotonic clock reading
// has been stripped by setting t = t.Round(0). In general, prefer t.Equal(u)
// to t == u, since t.Equal uses the most accurate comparison available and
// correctly handles the case when only one of its arguments has a monotonic
// clock reading.
//
#Time: _
_#hasMonotonic: 9223372036854775808
_#maxWall: int64 & 68043243391
_#minWall: int64 & 59453308800
_#nsecMask: 1073741823
_#nsecShift: 30
// A Month specifies a month of the year (January = 1, ...).
#Month: int // #enumMonth
#enumMonth:
#January |
#February |
#March |
#April |
#May |
#June |
#July |
#August |
#September |
#October |
#November |
#December
#values_Month: {
January: #January
February: #February
March: #March
April: #April
May: #May
June: #June
July: #July
August: #August
September: #September
October: #October
November: #November
December: #December
}
#January: #Month & 1
#February: #Month & 2
#March: #Month & 3
#April: #Month & 4
#May: #Month & 5
#June: #Month & 6
#July: #Month & 7
#August: #Month & 8
#September: #Month & 9
#October: #Month & 10
#November: #Month & 11
#December: #Month & 12
// A Weekday specifies a day of the week (Sunday = 0, ...).
#Weekday: int // #enumWeekday
#enumWeekday:
#Sunday |
#Monday |
#Tuesday |
#Wednesday |
#Thursday |
#Friday |
#Saturday
#values_Weekday: {
Sunday: #Sunday
Monday: #Monday
Tuesday: #Tuesday
Wednesday: #Wednesday
Thursday: #Thursday
Friday: #Friday
Saturday: #Saturday
}
#Sunday: #Weekday & 0
#Monday: #Weekday & 1
#Tuesday: #Weekday & 2
#Wednesday: #Weekday & 3
#Thursday: #Weekday & 4
#Friday: #Weekday & 5
#Saturday: #Weekday & 6
// The unsigned zero year for internal calculations.
// Must be 1 mod 400, and times before it will not compute correctly,
// but otherwise can be changed at will.
_#absoluteZeroYear: -292277022399
// The year of the zero Time.
// Assumed by the unixToInternal computation below.
_#internalYear: 1
// Offsets to convert between internal and absolute or Unix times.
_#absoluteToInternal: int64 & -9223371966579724800
_#internalToAbsolute: int64 & 9223371966579724800
_#unixToInternal: int64 & 62135596800
_#internalToUnix: int64 & -62135596800
_#wallToInternal: int64 & 59453308800
_#internalToWall: int64 & -59453308800
// A Duration represents the elapsed time between two instants
// as an int64 nanosecond count. The representation limits the
// largest representable duration to approximately 290 years.
#Duration: int64 // #enumDuration
#enumDuration:
_#minDuration |
_#maxDuration |
#Nanosecond |
#Microsecond |
#Millisecond |
#Second |
#Minute |
#Hour
#values_Duration: {
minDuration: _#minDuration
maxDuration: _#maxDuration
Nanosecond: #Nanosecond
Microsecond: #Microsecond
Millisecond: #Millisecond
Second: #Second
Minute: #Minute
Hour: #Hour
}
_#minDuration: #Duration & -9223372036854775808
_#maxDuration: #Duration & 9223372036854775807
#Nanosecond: #Duration & 1
#Microsecond: #Duration & 1000
#Millisecond: #Duration & 1000000
#Second: #Duration & 1000000000
#Minute: #Duration & 60000000000
#Hour: #Duration & 3600000000000
_#secondsPerMinute: 60
_#secondsPerHour: 3600
_#secondsPerDay: 86400
_#secondsPerWeek: 604800
_#daysPer400Years: 146097
_#daysPer100Years: 36524
_#daysPer4Years: 1461
_#timeBinaryVersion: 1

19
cue/cue.mod/gen/time/zoneinfo_go_gen.cue
View File

@@ -1,19 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go time
package time
// A Location maps time instants to the zone in use at that time.
// Typically, the Location represents the collection of time offsets
// in use in a geographical area. For many Locations the time offset varies
// depending on whether daylight savings time is in use at the time instant.
#Location: {
}
_#alpha: -9223372036854775808
_#omega: 9223372036854775807
_#ruleJulian: _#ruleKind & 0
_#ruleDOY: _#ruleKind & 1
_#ruleMonthWeekDay: _#ruleKind & 2

11
cue/cue.mod/gen/time/zoneinfo_read_go_gen.cue
View File

@@ -1,11 +0,0 @@
// Code generated by cue get go. DO NOT EDIT.
//cue:generate cue get go time
package time
_#maxFileSize: 10485760
_#seekStart: 0
_#seekCurrent: 1
_#seekEnd: 2

34
cue/main.cue
View File

@@ -4,24 +4,30 @@ import (
podinfo "github.com/stefanprodan/podinfo/cue/podinfo"
)
resources: (podinfo.#Application & {
input: {
app: podinfo.#Application & {
config: {
meta: {
name: "podinfo"
annotations: {
"app.kubernetes.io/part-of": "podinfo"
}
name: "podinfo"
namespace: "default"
}
image: {
repository: "ghcr.io/stefanprodan/podinfo"
tag: "6.1.3"
image: tag: "6.3.2"
resources: requests: {
cpu: "100m"
memory: "16Mi"
}
resources: requests: cpu: "100m"
hpa: {
enabled: true
minReplicas: 2
maxReplicas: 4
cpu: 99
maxReplicas: 3
}
ingress: {
enabled: true
className: "nginx"
host: "podinfo.example.com"
tls: true
annotations: "cert-manager.io/cluster-issuer": "letsencrypt"
}
serviceMonitor: enabled: true
}
}).out
}
objects: app.objects

2
cue/main_tool.cue
View File

@@ -7,6 +7,6 @@ import (
command: gen: {
task: print: cli.Print & {
text: yaml.MarshalStream([ for x in resources {x}])
text: yaml.MarshalStream([ for x in objects {x}])
}
}

31
cue/podinfo/app.cue
View File

@@ -1,21 +1,26 @@
package podinfo
#Application: {
input: #Config
out: {
sa: #ServiceAccount & {_config: input}
deploy: #Deployment & {
_config: input
_serviceAccount: sa.metadata.name
config: #Config
objects: {
service: #Service & {_config: config}
account: #ServiceAccount & {_config: config}
deployment: #Deployment & {
_config: config
_serviceAccount: account.metadata.name
}
service: #Service & {_config: input}}
if input.hpa.enabled == true {
out: hpa: #HorizontalPodAutoscaler & {_config: input}
}
if input.serviceMonitor.enabled == true {
out: serviceMonitor: #ServiceMonitor & {_config: input}
if config.hpa.enabled == true {
objects: hpa: #HorizontalPodAutoscaler & {_config: config}
}
if input.ingress.enabled == true {
out: ingress: #Ingress & {_config: input}
if config.ingress.enabled == true {
objects: ingress: #Ingress & {_config: config}
}
if config.serviceMonitor.enabled == true {
objects: serviceMonitor: #ServiceMonitor & {_config: config}
}
}

24
cue/podinfo/certificate.cue
View File

@@ -1,24 +0,0 @@
package podinfo
import (
certmanv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
"encoding/yaml"
)
#certConfig: {
dnsNames: [string]
tlsSecretName: string
issuerRef: string
}
#Certificate: certmanv1.#Certificate & {
_config: #Config
apiVersion: "v1"
kind: "Certificate"
metadata: _config.meta
spec: certmanv1.#CertificateSpec & {
dnsNames: _config.cert.dnsNames
secretName: _config.cert.tlsSecretName
issuerRef: yaml.Marshal(_config.cert.issuerRef)
}
}

62
cue/podinfo/config.cue
View File

@@ -6,54 +6,36 @@ import (
)
#Config: {
meta: metav1.#ObjectMeta
meta: metav1.#ObjectMeta
hpa: #hpaConfig
ingress: #ingressConfig
service: #serviceConfig
serviceMonitor: #serviceMonConfig
image: {
repository: *"ghcr.io/stefanprodan/podinfo" | string
tag: string
pullPolicy: *"IfNotPresent" | string
tag: string
}
selectorLabels: {
"app.kubernetes.io/name": meta.name
}
replicas: *1 | int
service: #serviceConfig
host: string
cache: string
backends: [string]
cache?: string & =~"^tcp://"
backends: [...string]
logLevel: *"info" | string
faults: {
delay: *false | bool
error: *false | bool
unhealthy: *false | bool
unready: *false | bool
}
h2c: {
enabled: *false | bool
}
ui: {
color: *"#34577c" | string
message: *"" | string
logo: *"" | string
}
podAnnotations: {[ string]: string}
securityContext: corev1.#PodSecurityContext
resources: *{
replicas: *1 | int
resources: *{
requests: {
cpu: "1m"
memory: "16Mi"
}
limits: memory: "128Mi"
} | corev1.#ResourceRequirements
nodeSelector: {[ string]: string}
affinity: corev1.#Affinity
tolerations: [ ...corev1.#Toleration]
tls: {
enabled: *false | bool
port: *9899 | int
certPath: *"/data/cert" | string
secretName: *"" | string
}
cert: #certConfig
hpa: #hpaConfig
ingress: #ingressConfig
serviceMonitor: #serviceMonConfig
selectorLabels: *{"app.kubernetes.io/name": meta.name} | {[ string]: string}
meta: annotations: *{"app.kubernetes.io/version": "\(image.tag)"} | {[ string]: string}
meta: labels: *selectorLabels | {[ string]: string}
securityContext?: corev1.#PodSecurityContext
affinity?: corev1.#Affinity
tolerations?: [ ...corev1.#Toleration]
}

69
cue/podinfo/deployment.cue
View File

@@ -12,7 +12,7 @@ import (
kind: "Deployment"
metadata: _config.meta
spec: appsv1.#DeploymentSpec & {
if _config.hpa.enabled == false {
if !_config.hpa.enabled {
replicas: _config.replicas
}
strategy: {
@@ -23,29 +23,33 @@ import (
template: {
metadata: {
labels: _config.selectorLabels
annotations: {
"prometheus.io/scrape": "true"
"prometheus.io/port": "\(_config.service.metricsPort)"
_config.podAnnotations
if !_config.serviceMonitor.enabled {
annotations: {
"prometheus.io/scrape": "true"
"prometheus.io/port": "\(_config.service.metricsPort)"
}
}
}
spec: corev1.#PodSpec & {
terminationGracePeriodSeconds: 30
terminationGracePeriodSeconds: 15
serviceAccountName: _serviceAccount
containers: [
{
name: "podinfo"
image: "\(_config.image.repository):\(_config.image.tag)"
imagePullPolicy: _config.image.pullPolicy
securityContext: _config.securityContext
command: [
"./podinfo",
"--port=\(_config.service.httpPort)",
"--port-metrics=\(_config.service.metricsPort)",
"--grpc-port=\(_config.service.grpcPort)",
"--level=\(_config.logLevel)",
"--random-delay=\(_config.faults.delay)",
"--random-error=\(_config.faults.error)",
if _config.cache != _|_ {
"--cache-server=\(_config.cache)"
},
for b in _config.backends {
"--backend-url=\(b)"
},
]
ports: [
{
@@ -65,57 +69,40 @@ import (
},
]
livenessProbe: {
exec: {
command: [
"podcli",
"check",
"http",
"localhost:\(_config.service.httpPort)/healthz",
]
httpGet: {
path: "/healthz"
port: "http"
}
initialDelaySeconds: 1
timeoutSeconds: 5
}
readinessProbe: {
exec: {
command: [
"podcli",
"check",
"http",
"localhost:\(_config.service.httpPort)/readyz",
]
httpGet: {
path: "/readyz"
port: "http"
}
initialDelaySeconds: 1
timeoutSeconds: 5
}
volumeMounts: [
{
name: "data"
mountPath: "/data"
},
if _config.tls.secretName != "" {
name: "tls"
mountPath: _config.tls.certPath
readOnly: true
},
]
resources: _config.resources
if _config.securityContext != _|_ {
securityContext: _config.securityContext
}
},
]
nodeSelector: _config.nodeSelector
affinity: _config.affinity
tolerations: _config.tolerations
if _config.affinity != _|_ {
affinity: _config.affinity
}
if _config.tolerations != _|_ {
tolerations: _config.tolerations
}
volumes: [
{
name: "data"
emptyDir: {}
},
if _config.tls.secretName != "" {
name: "tls"
secret: {
secretName: _config.tls.secretName
}
},
]
}
}

Some files were not shown because too many files have changed in this diff Show More